From 5cde716b34c48865267ca876e3a86a6fe5406778 Mon Sep 17 00:00:00 2001 From: Jia Chao Date: Wed, 7 Aug 2024 09:51:34 +0800 Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0=EF=BC=9A20240807?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Jia Chao --- .../2024/csaf-openEuler-SA-2024-1881.json | 1082 +++ .../2024/csaf-openEuler-SA-2024-1882.json | 1082 +++ .../2024/csaf-openEuler-SA-2024-1883.json | 1082 +++ .../2024/csaf-openEuler-SA-2024-1884.json | 1082 +++ .../2024/csaf-openEuler-SA-2024-1885.json | 1395 ++++ .../2024/csaf-openEuler-SA-2024-1886.json | 1729 +++++ .../2024/csaf-openEuler-SA-2024-1887.json | 253 + .../2024/csaf-openEuler-SA-2024-1888.json | 253 + .../2024/csaf-openEuler-SA-2024-1889.json | 253 + .../2024/csaf-openEuler-SA-2024-1890.json | 253 + .../2024/csaf-openEuler-SA-2024-1891.json | 1959 +++++ .../2024/csaf-openEuler-SA-2024-1892.json | 1913 +++++ .../2024/csaf-openEuler-SA-2024-1893.json | 450 ++ .../2024/csaf-openEuler-SA-2024-1894.json | 5471 +++++++++++++ .../2024/csaf-openEuler-SA-2024-1895.json | 4276 ++++++++++ .../2024/csaf-openEuler-SA-2024-1896.json | 5338 +++++++++++++ .../2024/csaf-openEuler-SA-2024-1897.json | 6848 +++++++++++++++++ .../2024/csaf-openEuler-SA-2024-1898.json | 1343 ++++ .../2024/csaf-openEuler-SA-2024-1899.json | 253 + .../2024/csaf-openEuler-SA-2024-1900.json | 443 ++ .../2024/csaf-openEuler-SA-2024-1901.json | 443 ++ .../2024/csaf-openEuler-SA-2024-1902.json | 443 ++ .../2024/csaf-openEuler-SA-2024-1903.json | 397 + .../2024/csaf-openEuler-SA-2024-1904.json | 397 + .../2024/csaf-openEuler-SA-2024-1905.json | 397 + .../2024/csaf-openEuler-SA-2024-1906.json | 1704 ++++ .../2024/csaf-openEuler-SA-2024-1907.json | 1704 ++++ .../2024/csaf-openEuler-SA-2024-1908.json | 1704 ++++ .../2024/csaf-openEuler-SA-2024-1909.json | 1704 ++++ .../2024/csaf-openEuler-SA-2024-1910.json | 449 ++ .../2024/csaf-openEuler-SA-2024-1911.json | 449 ++ .../2024/csaf-openEuler-SA-2024-1912.json | 449 ++ .../2024/csaf-openEuler-SA-2024-1913.json | 449 ++ .../2024/csaf-openEuler-SA-2024-1914.json | 1505 ++++ .../2024/csaf-openEuler-SA-2024-1915.json | 264 + .../2024/csaf-openEuler-SA-2024-1916.json | 264 + .../2024/csaf-openEuler-SA-2024-1917.json | 264 + 
.../2024/csaf-openEuler-SA-2024-1918.json | 264 + .../2024/csaf-openEuler-SA-2024-1919.json | 966 +++ .../2024/csaf-openEuler-SA-2024-1920.json | 966 +++ .../2024/csaf-openEuler-SA-2024-1921.json | 845 ++ .../2024/csaf-openEuler-SA-2024-1922.json | 966 +++ .../2024/csaf-openEuler-SA-2024-1923.json | 653 ++ .../2024/csaf-openEuler-SA-2024-1924.json | 653 ++ .../2024/csaf-openEuler-SA-2024-1925.json | 653 ++ .../2024/csaf-openEuler-SA-2024-1926.json | 689 ++ .../2024/csaf-openEuler-SA-2024-1927.json | 689 ++ .../2024/csaf-openEuler-SA-2024-1928.json | 586 ++ .../2024/csaf-openEuler-SA-2024-1929.json | 448 ++ .../2024/csaf-openEuler-SA-2024-1930.json | 448 ++ .../2024/csaf-openEuler-SA-2024-1931.json | 716 ++ .../2024/csaf-openEuler-SA-2024-1932.json | 1692 ++++ .../2024/csaf-openEuler-SA-2024-1933.json | 1329 ++++ .../2024/csaf-openEuler-SA-2024-1934.json | 1813 +++++ .../2024/csaf-openEuler-SA-2024-1935.json | 1692 ++++ .../2024/csaf-openEuler-SA-2024-1936.json | 494 ++ .../2024/csaf-openEuler-SA-2024-1937.json | 753 ++ .../2024/csaf-openEuler-SA-2024-1938.json | 1006 +++ .../2024/csaf-openEuler-SA-2024-1939.json | 429 ++ .../2024/csaf-openEuler-SA-2024-1940.json | 669 ++ .../2024/csaf-openEuler-SA-2024-1941.json | 5471 +++++++++++++ .../2024/csaf-openEuler-SA-2024-1942.json | 6269 +++++++++++++++ .../2024/csaf-openEuler-SA-2024-1943.json | 2938 +++++++ .../2024/csaf-openEuler-SA-2024-1944.json | 5182 +++++++++++++ .../2024/csaf-openEuler-SA-2024-1945.json | 235 + .../2024/csaf-openEuler-SA-2024-1946.json | 235 + .../2024/csaf-openEuler-SA-2024-1947.json | 235 + .../2024/csaf-openEuler-SA-2024-1948.json | 258 + .../2024/csaf-openEuler-SA-2024-1949.json | 448 ++ .../2024/csaf-openEuler-SA-2024-1950.json | 477 ++ csaf/advisories/index.txt | 132 +- csaf/download.sh | 14 + cusa/a/aom/config.json | 5 + cusa/a/assimp/config.json | 5 + cusa/a/avro/config.json | 5 + cusa/b/botan2/config.json | 5 + cusa/b/busybox/config.json | 5 + cusa/d/dnsjava/config.json | 5 + 
cusa/d/dnsmasq/config.json | 5 + cusa/e/edk2/config.json | 5 + cusa/e/exim/config.json | 5 + cusa/g/gtk2/config.json | 5 + cusa/g/gtk3/config.json | 5 + cusa/j/openjdk-11/config.json | 5 + cusa/l/libxml2/config.json | 5 + cusa/m/mpv/config.json | 5 + cusa/m/mysql/config.json | 5 + cusa/p/plasma-workspace/config.json | 5 + cusa/p/python-django/config.json | 5 + cusa/p/python-setuptools/config.json | 5 + cusa/p/python-urllib3/config.json | 5 + cusa/p/python-zipp/config.json | 5 + cusa/p/python3/config.json | 5 + 93 files changed, 91131 insertions(+), 31 deletions(-) create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1881.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1882.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1883.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1884.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1885.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1886.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1887.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1888.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1889.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1890.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1891.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1892.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1893.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1894.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1895.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1896.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1897.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1898.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1899.json create mode 100644 
csaf/advisories/2024/csaf-openEuler-SA-2024-1900.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1901.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1902.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1903.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1904.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1905.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1906.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1907.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1908.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1909.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1910.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1911.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1912.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1913.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1914.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1915.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1916.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1917.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1918.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1919.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1920.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1921.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1922.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1923.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1924.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1925.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1926.json create mode 100644 
csaf/advisories/2024/csaf-openEuler-SA-2024-1927.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1928.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1929.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1930.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1931.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1932.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1933.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1934.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1935.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1936.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1937.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1938.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1939.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1940.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1941.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1942.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1943.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1944.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1945.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1946.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1947.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1948.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1949.json create mode 100644 csaf/advisories/2024/csaf-openEuler-SA-2024-1950.json create mode 100755 csaf/download.sh create mode 100644 cusa/a/aom/config.json create mode 100644 cusa/a/assimp/config.json create mode 100644 cusa/a/avro/config.json create mode 100644 cusa/b/botan2/config.json create mode 100644 cusa/b/busybox/config.json create 
mode 100644 cusa/d/dnsjava/config.json create mode 100644 cusa/d/dnsmasq/config.json create mode 100644 cusa/e/edk2/config.json create mode 100644 cusa/e/exim/config.json create mode 100644 cusa/g/gtk2/config.json create mode 100644 cusa/g/gtk3/config.json create mode 100644 cusa/j/openjdk-11/config.json create mode 100644 cusa/l/libxml2/config.json create mode 100644 cusa/m/mpv/config.json create mode 100644 cusa/m/mysql/config.json create mode 100644 cusa/p/plasma-workspace/config.json create mode 100644 cusa/p/python-django/config.json create mode 100644 cusa/p/python-setuptools/config.json create mode 100644 cusa/p/python-urllib3/config.json create mode 100644 cusa/p/python-zipp/config.json create mode 100644 cusa/p/python3/config.json
diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1881.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1881.json
new file mode 100644
index 0000000..ccc5e5c
--- /dev/null
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1881.json
@@ -0,0 +1,1082 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"mysql security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for mysql is now available for openEuler-22.03-LTS-SP3", + "category":"general", + "title":"Summary" + }, + { + "text":"The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of Oracle and/or its affiliates\n\nSecurity Fix(es):\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21129)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2024-21163)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21171)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21173)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for mysql is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of medium. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"mysql", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1881", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1881" + }, + { + "summary":"CVE-2024-21129", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21129&packageName=mysql" + }, + { + "summary":"CVE-2024-21163", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21163&packageName=mysql" + }, + { + "summary":"CVE-2024-21171", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21171&packageName=mysql" + }, + { + "summary":"CVE-2024-21173", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21173&packageName=mysql" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21129" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21163" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21171" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21173" + }, + { + "summary":"openEuler-SA-2024-1881 vex file", + "category":"self", + 
"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1881.json" + } + ], + "title":"An update for mysql is now available for openEuler-22.03-LTS-SP3", + "tracking":{ + "initial_release_date":"2024-07-26T20:58:22+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:58:22+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:58:22+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-26T20:58:22+08:00", + "id":"openEuler-SA-2024-1881", + "version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openEuler-22.03-LTS-SP3", + "name":"openEuler-22.03-LTS-SP3" + }, + "name":"openEuler-22.03-LTS-SP3", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-common-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-common-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-common-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-config-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-config-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + 
"name":"mysql-config-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-debugsource-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-debugsource-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-debugsource-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-devel-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-devel-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-devel-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-errmsg-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-errmsg-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-errmsg-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-help-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-help-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-help-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-libs-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-libs-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-libs-8.0.38-1.oe2203sp3.x86_64.rpm", + 
"category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-server-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-server-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-server-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-test-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-test-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-test-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-common-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-common-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-common-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-config-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-config-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-config-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64.rpm", + 
"category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-debugsource-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-debugsource-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-debugsource-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-devel-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-devel-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-devel-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-errmsg-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-errmsg-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-errmsg-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-help-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-help-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-help-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-libs-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-libs-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-libs-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-server-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-server-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-server-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + 
"product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-test-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-test-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-test-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-8.0.38-1.oe2203sp3.src.rpm", + "name":"mysql-8.0.38-1.oe2203sp3.src.rpm" + }, + "name":"mysql-8.0.38-1.oe2203sp3.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-common-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-common-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-config-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-config-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-debugsource-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-debugsource-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-devel-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-devel-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-errmsg-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-errmsg-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-help-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-help-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-libs-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + 
"name":"mysql-libs-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-server-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-server-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-test-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-test-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-common-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-common-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-config-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-config-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-debugsource-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-debugsource-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-devel-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-devel-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-errmsg-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-errmsg-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-help-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-help-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + 
"product_reference":"mysql-libs-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-libs-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-server-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-server-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-test-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-test-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-8.0.38-1.oe2203sp3.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "name":"mysql-8.0.38-1.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-21129", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1881" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21129" + }, + { + "cve":"CVE-2024-21163", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1881" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", + "version":"3.1" + 
}, + "products":[ + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21163" + }, + { + "cve":"CVE-2024-21171", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1881" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.5, + 
"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21171" + }, + { + "cve":"CVE-2024-21173", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1881" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + 
"vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21173" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1882.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1882.json new file mode 100644 index 0000000..201d36c --- /dev/null 
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1882.json 
@@ -0,0 +1,1082 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"mysql security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for mysql is now available for openEuler-22.03-LTS-SP1", + "category":"general", + "title":"Summary" + }, + { + "text":"The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of Oracle and/or its affiliates\n\nSecurity Fix(es):\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21129)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2024-21163)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21171)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21173)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for mysql is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of medium. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"mysql", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1882", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1882" + }, + { + "summary":"CVE-2024-21129", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21129&packageName=mysql" + }, + { + "summary":"CVE-2024-21163", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21163&packageName=mysql" + }, + { + "summary":"CVE-2024-21171", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21171&packageName=mysql" + }, + { + "summary":"CVE-2024-21173", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21173&packageName=mysql" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21129" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21163" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21171" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21173" + }, + { + "summary":"openEuler-SA-2024-1882 vex file", + "category":"self", + 
"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1882.json" + } + ], + "title":"An update for mysql is now available for openEuler-22.03-LTS-SP1", + "tracking":{ + "initial_release_date":"2024-07-26T20:58:24+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:58:24+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:58:24+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-26T20:58:24+08:00", + "id":"openEuler-SA-2024-1882", + "version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"openEuler-22.03-LTS-SP1", + "name":"openEuler-22.03-LTS-SP1" + }, + "name":"openEuler-22.03-LTS-SP1", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-common-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-common-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-common-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-config-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-config-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + 
"name":"mysql-config-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-debugsource-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-debugsource-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-debugsource-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-devel-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-devel-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-devel-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-errmsg-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-errmsg-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-errmsg-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-help-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-help-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-help-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-libs-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-libs-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + 
"name":"mysql-libs-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-server-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-server-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-server-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-test-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-test-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-test-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-8.0.38-1.oe2203sp1.src.rpm", + "name":"mysql-8.0.38-1.oe2203sp1.src.rpm" + }, + "name":"mysql-8.0.38-1.oe2203sp1.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-common-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-common-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-common-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-config-8.0.38-1.oe2203sp1.x86_64.rpm", + 
"name":"mysql-config-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-config-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-debugsource-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-debugsource-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-debugsource-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-devel-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-devel-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-devel-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-errmsg-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-errmsg-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-errmsg-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-help-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-help-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-help-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-libs-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-libs-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + 
"name":"mysql-libs-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-server-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-server-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-server-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-test-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-test-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-test-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-common-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-common-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-config-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-config-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + 
"product_reference":"mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-debugsource-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-debugsource-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-devel-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-devel-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-errmsg-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-errmsg-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-help-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-help-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-libs-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-libs-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-server-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-server-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-test-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-test-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-8.0.38-1.oe2203sp1.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "name":"mysql-8.0.38-1.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-common-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-common-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + 
"category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-config-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-config-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-debugsource-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-debugsource-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-devel-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-devel-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-errmsg-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-errmsg-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", 
+ "product_reference":"mysql-help-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-help-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-libs-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-libs-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-server-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-server-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-test-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-test-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-21129", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1882" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21129" + }, + { + "cve":"CVE-2024-21163", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1882" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", + 
"version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21163" + }, + { + "cve":"CVE-2024-21171", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1882" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.5, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + 
"version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21171" + }, + { + "cve":"CVE-2024-21173", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1882" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + 
"version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21173" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1883.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1883.json new file mode 100644 index 0000000..59a7a7d --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1883.json 
@@ -0,0 +1,1082 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"mysql security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for mysql is now available for openEuler-24.03-LTS", + "category":"general", + "title":"Summary" + }, + { + "text":"The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of Oracle and/or its affiliates\n\nSecurity Fix(es):\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21129)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2024-21163)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21171)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21173)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for mysql is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of medium. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"mysql", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1883", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1883" + }, + { + "summary":"CVE-2024-21129", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21129&packageName=mysql" + }, + { + "summary":"CVE-2024-21163", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21163&packageName=mysql" + }, + { + "summary":"CVE-2024-21171", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21171&packageName=mysql" + }, + { + "summary":"CVE-2024-21173", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21173&packageName=mysql" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21129" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21163" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21171" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21173" + }, + { + "summary":"openEuler-SA-2024-1883 vex file", + "category":"self", + 
"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1883.json" + } + ], + "title":"An update for mysql is now available for openEuler-24.03-LTS", + "tracking":{ + "initial_release_date":"2024-07-26T20:58:25+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:58:25+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:58:25+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-26T20:58:25+08:00", + "id":"openEuler-SA-2024-1883", + "version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openEuler-24.03-LTS", + "name":"openEuler-24.03-LTS" + }, + "name":"openEuler-24.03-LTS", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-common-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-common-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-common-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-config-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-config-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-config-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + 
"product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-debuginfo-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-debuginfo-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-debuginfo-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-debugsource-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-debugsource-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-debugsource-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-devel-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-devel-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-devel-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-errmsg-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-errmsg-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-errmsg-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-help-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-help-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-help-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-libs-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-libs-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-libs-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + 
"product_id":"mysql-server-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-server-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-server-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-test-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-test-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-test-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-8.0.38-1.oe2403.src.rpm", + "name":"mysql-8.0.38-1.oe2403.src.rpm" + }, + "name":"mysql-8.0.38-1.oe2403.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-common-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-common-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-common-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-config-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-config-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-config-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + 
"product_id":"mysql-debuginfo-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-debuginfo-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-debuginfo-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-debugsource-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-debugsource-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-debugsource-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-devel-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-devel-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-devel-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-errmsg-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-errmsg-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-errmsg-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-help-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-help-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-help-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-libs-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-libs-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-libs-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-server-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-server-8.0.38-1.oe2403.x86_64.rpm" + }, + 
"name":"mysql-server-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-test-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-test-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-test-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "name":"mysql-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-common-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "name":"mysql-common-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-config-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "name":"mysql-config-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-debuginfo-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "name":"mysql-debuginfo-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + 
"product_reference":"mysql-debugsource-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "name":"mysql-debugsource-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-devel-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "name":"mysql-devel-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-errmsg-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "name":"mysql-errmsg-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-help-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "name":"mysql-help-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-libs-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "name":"mysql-libs-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-server-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "name":"mysql-server-8.0.38-1.oe2403.aarch64 as a 
component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-test-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "name":"mysql-test-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-8.0.38-1.oe2403.src.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "name":"mysql-8.0.38-1.oe2403.src as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "name":"mysql-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-common-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "name":"mysql-common-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-config-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "name":"mysql-config-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-debuginfo-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "name":"mysql-debuginfo-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-debugsource-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "name":"mysql-debugsource-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-devel-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "name":"mysql-devel-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-errmsg-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64", + "name":"mysql-errmsg-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-help-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "name":"mysql-help-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-libs-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "name":"mysql-libs-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-server-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "name":"mysql-server-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-test-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "name":"mysql-test-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-21129", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1883" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21129" + }, + { + "cve":"CVE-2024-21163", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1883" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21163" + }, + { + "cve":"CVE-2024-21171", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1883" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.5, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21171" + }, + { + "cve":"CVE-2024-21173", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1883" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21173" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1884.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1884.json new file mode 100644 index 0000000..5e28e6c --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1884.json 
@@ -0,0 +1,1082 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"mysql security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for mysql is now available for openEuler-22.03-LTS-SP4", + "category":"general", + "title":"Summary" + }, + { + "text":"The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of Oracle and/or its affiliates\n\nSecurity Fix(es):\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21129)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2024-21163)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21171)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21173)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for mysql is now available for openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of medium. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"mysql", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1884", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1884" + }, + { + "summary":"CVE-2024-21129", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21129&packageName=mysql" + }, + { + "summary":"CVE-2024-21163", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21163&packageName=mysql" + }, + { + "summary":"CVE-2024-21171", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21171&packageName=mysql" + }, + { + "summary":"CVE-2024-21173", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21173&packageName=mysql" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21129" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21163" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21171" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21173" + }, + { + "summary":"openEuler-SA-2024-1884 vex file", + "category":"self", + 
"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1884.json" + } + ], + "title":"An update for mysql is now available for openEuler-22.03-LTS-SP4", + "tracking":{ + "initial_release_date":"2024-07-26T20:58:27+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:58:27+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:58:27+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-26T20:58:27+08:00", + "id":"openEuler-SA-2024-1884", + "version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"openEuler-22.03-LTS-SP4", + "name":"openEuler-22.03-LTS-SP4" + }, + "name":"openEuler-22.03-LTS-SP4", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-common-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-common-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-common-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-config-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-config-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + 
"name":"mysql-config-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-debugsource-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-debugsource-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-debugsource-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-devel-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-devel-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-devel-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-errmsg-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-errmsg-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-errmsg-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-help-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-help-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-help-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-libs-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-libs-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-libs-8.0.38-1.oe2203sp4.x86_64.rpm", + 
"category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-server-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-server-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-server-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-test-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-test-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-test-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-common-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-common-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-common-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-config-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-config-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-config-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64.rpm", + 
"category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-debugsource-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-debugsource-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-debugsource-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-devel-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-devel-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-devel-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-errmsg-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-errmsg-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-errmsg-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-help-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-help-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-help-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-libs-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-libs-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-libs-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-server-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-server-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-server-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + 
"product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-test-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-test-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-test-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-8.0.38-1.oe2203sp4.src.rpm", + "name":"mysql-8.0.38-1.oe2203sp4.src.rpm" + }, + "name":"mysql-8.0.38-1.oe2203sp4.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-common-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-common-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-config-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-config-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-debugsource-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-debugsource-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-devel-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-devel-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-errmsg-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-errmsg-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-help-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-help-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-libs-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + 
"name":"mysql-libs-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-server-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-server-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-test-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-test-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-common-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-common-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-config-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-config-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-debugsource-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-debugsource-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-devel-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-devel-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-errmsg-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-errmsg-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-help-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-help-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + 
"product_reference":"mysql-libs-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-libs-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-server-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-server-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-test-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-test-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-8.0.38-1.oe2203sp4.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src", + "name":"mysql-8.0.38-1.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-21129", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + 
"openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1884" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + 
"openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21129" + }, + { + "cve":"CVE-2024-21163", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1884" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", + "version":"3.1" + 
}, + "products":[ + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21163" + }, + { + "cve":"CVE-2024-21171", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1884" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.5, + 
"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21171" + }, + { + "cve":"CVE-2024-21173", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1884" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + 
"vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21173" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1885.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1885.json new file mode 100644 index 0000000..4236e99 --- /dev/null 
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1885.json 
@@ -0,0 +1,1395 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"openvpn security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for openvpn is now available for openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4", + "category":"general", + "title":"Summary" + }, + { + "text":"OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the fundamental premise that complexity is the enemy of security, OpenVPN offers a cost-effective, lightweight alternative to other VPN technologies that is well-adapted for the SME and enterprise markets.\n\nSecurity Fix(es):\n\n(CVE-2024-5594)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for openvpn is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of medium. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"openvpn", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1885", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1885" + }, + { + "summary":"CVE-2024-5594", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-5594&packageName=openvpn" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-5594" + }, + { + "summary":"openEuler-SA-2024-1885 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1885.json" + } + ], + "title":"An update for openvpn is now available for openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4", + "tracking":{ + "initial_release_date":"2024-07-26T20:58:28+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:58:28+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-07-27T10:35:00+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-07-27T10:35:00+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-27T10:35:00+08:00", + "id":"openEuler-SA-2024-1885", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + 
"name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openEuler-22.03-LTS-SP3", + "name":"openEuler-22.03-LTS-SP3" + }, + "name":"openEuler-22.03-LTS-SP3", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"openEuler-20.03-LTS-SP4", + "name":"openEuler-20.03-LTS-SP4" + }, + "name":"openEuler-20.03-LTS-SP4", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"openEuler-22.03-LTS-SP1", + "name":"openEuler-22.03-LTS-SP1" + }, + "name":"openEuler-22.03-LTS-SP1", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openEuler-24.03-LTS", + "name":"openEuler-24.03-LTS" + }, + "name":"openEuler-24.03-LTS", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"openEuler-22.03-LTS-SP4", + "name":"openEuler-22.03-LTS-SP4" + }, + "name":"openEuler-22.03-LTS-SP4", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openvpn-2.5.5-4.oe2203sp3.aarch64.rpm", + "name":"openvpn-2.5.5-4.oe2203sp3.aarch64.rpm" + }, + "name":"openvpn-2.5.5-4.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openvpn-debuginfo-2.5.5-4.oe2203sp3.aarch64.rpm", + 
"name":"openvpn-debuginfo-2.5.5-4.oe2203sp3.aarch64.rpm" + }, + "name":"openvpn-debuginfo-2.5.5-4.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openvpn-debugsource-2.5.5-4.oe2203sp3.aarch64.rpm", + "name":"openvpn-debugsource-2.5.5-4.oe2203sp3.aarch64.rpm" + }, + "name":"openvpn-debugsource-2.5.5-4.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openvpn-devel-2.5.5-4.oe2203sp3.aarch64.rpm", + "name":"openvpn-devel-2.5.5-4.oe2203sp3.aarch64.rpm" + }, + "name":"openvpn-devel-2.5.5-4.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"openvpn-2.4.8-10.oe2003sp4.aarch64.rpm", + "name":"openvpn-2.4.8-10.oe2003sp4.aarch64.rpm" + }, + "name":"openvpn-2.4.8-10.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"openvpn-debuginfo-2.4.8-10.oe2003sp4.aarch64.rpm", + "name":"openvpn-debuginfo-2.4.8-10.oe2003sp4.aarch64.rpm" + }, + "name":"openvpn-debuginfo-2.4.8-10.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"openvpn-debugsource-2.4.8-10.oe2003sp4.aarch64.rpm", + "name":"openvpn-debugsource-2.4.8-10.oe2003sp4.aarch64.rpm" + }, + "name":"openvpn-debugsource-2.4.8-10.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"openvpn-devel-2.4.8-10.oe2003sp4.aarch64.rpm", + 
"name":"openvpn-devel-2.4.8-10.oe2003sp4.aarch64.rpm" + }, + "name":"openvpn-devel-2.4.8-10.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"openvpn-2.5.5-4.oe2203sp1.aarch64.rpm", + "name":"openvpn-2.5.5-4.oe2203sp1.aarch64.rpm" + }, + "name":"openvpn-2.5.5-4.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"openvpn-debuginfo-2.5.5-4.oe2203sp1.aarch64.rpm", + "name":"openvpn-debuginfo-2.5.5-4.oe2203sp1.aarch64.rpm" + }, + "name":"openvpn-debuginfo-2.5.5-4.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"openvpn-debugsource-2.5.5-4.oe2203sp1.aarch64.rpm", + "name":"openvpn-debugsource-2.5.5-4.oe2203sp1.aarch64.rpm" + }, + "name":"openvpn-debugsource-2.5.5-4.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"openvpn-devel-2.5.5-4.oe2203sp1.aarch64.rpm", + "name":"openvpn-devel-2.5.5-4.oe2203sp1.aarch64.rpm" + }, + "name":"openvpn-devel-2.5.5-4.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openvpn-2.6.9-3.oe2403.aarch64.rpm", + "name":"openvpn-2.6.9-3.oe2403.aarch64.rpm" + }, + "name":"openvpn-2.6.9-3.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openvpn-debuginfo-2.6.9-3.oe2403.aarch64.rpm", + "name":"openvpn-debuginfo-2.6.9-3.oe2403.aarch64.rpm" + }, + 
"name":"openvpn-debuginfo-2.6.9-3.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openvpn-debugsource-2.6.9-3.oe2403.aarch64.rpm", + "name":"openvpn-debugsource-2.6.9-3.oe2403.aarch64.rpm" + }, + "name":"openvpn-debugsource-2.6.9-3.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openvpn-devel-2.6.9-3.oe2403.aarch64.rpm", + "name":"openvpn-devel-2.6.9-3.oe2403.aarch64.rpm" + }, + "name":"openvpn-devel-2.6.9-3.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"openvpn-2.5.5-4.oe2203sp4.aarch64.rpm", + "name":"openvpn-2.5.5-4.oe2203sp4.aarch64.rpm" + }, + "name":"openvpn-2.5.5-4.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"openvpn-debuginfo-2.5.5-4.oe2203sp4.aarch64.rpm", + "name":"openvpn-debuginfo-2.5.5-4.oe2203sp4.aarch64.rpm" + }, + "name":"openvpn-debuginfo-2.5.5-4.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"openvpn-debugsource-2.5.5-4.oe2203sp4.aarch64.rpm", + "name":"openvpn-debugsource-2.5.5-4.oe2203sp4.aarch64.rpm" + }, + "name":"openvpn-debugsource-2.5.5-4.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"openvpn-devel-2.5.5-4.oe2203sp4.aarch64.rpm", + "name":"openvpn-devel-2.5.5-4.oe2203sp4.aarch64.rpm" + }, + 
"name":"openvpn-devel-2.5.5-4.oe2203sp4.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openvpn-2.5.5-4.oe2203sp3.src.rpm", + "name":"openvpn-2.5.5-4.oe2203sp3.src.rpm" + }, + "name":"openvpn-2.5.5-4.oe2203sp3.src.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"openvpn-2.4.8-10.oe2003sp4.src.rpm", + "name":"openvpn-2.4.8-10.oe2003sp4.src.rpm" + }, + "name":"openvpn-2.4.8-10.oe2003sp4.src.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"openvpn-2.5.5-4.oe2203sp1.src.rpm", + "name":"openvpn-2.5.5-4.oe2203sp1.src.rpm" + }, + "name":"openvpn-2.5.5-4.oe2203sp1.src.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openvpn-2.6.9-3.oe2403.src.rpm", + "name":"openvpn-2.6.9-3.oe2403.src.rpm" + }, + "name":"openvpn-2.6.9-3.oe2403.src.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"openvpn-2.5.5-4.oe2203sp4.src.rpm", + "name":"openvpn-2.5.5-4.oe2203sp4.src.rpm" + }, + "name":"openvpn-2.5.5-4.oe2203sp4.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openvpn-2.5.5-4.oe2203sp3.x86_64.rpm", + "name":"openvpn-2.5.5-4.oe2203sp3.x86_64.rpm" + }, + "name":"openvpn-2.5.5-4.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, 
+ { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openvpn-debuginfo-2.5.5-4.oe2203sp3.x86_64.rpm", + "name":"openvpn-debuginfo-2.5.5-4.oe2203sp3.x86_64.rpm" + }, + "name":"openvpn-debuginfo-2.5.5-4.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openvpn-debugsource-2.5.5-4.oe2203sp3.x86_64.rpm", + "name":"openvpn-debugsource-2.5.5-4.oe2203sp3.x86_64.rpm" + }, + "name":"openvpn-debugsource-2.5.5-4.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openvpn-devel-2.5.5-4.oe2203sp3.x86_64.rpm", + "name":"openvpn-devel-2.5.5-4.oe2203sp3.x86_64.rpm" + }, + "name":"openvpn-devel-2.5.5-4.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"openvpn-2.4.8-10.oe2003sp4.x86_64.rpm", + "name":"openvpn-2.4.8-10.oe2003sp4.x86_64.rpm" + }, + "name":"openvpn-2.4.8-10.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"openvpn-debuginfo-2.4.8-10.oe2003sp4.x86_64.rpm", + "name":"openvpn-debuginfo-2.4.8-10.oe2003sp4.x86_64.rpm" + }, + "name":"openvpn-debuginfo-2.4.8-10.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"openvpn-debugsource-2.4.8-10.oe2003sp4.x86_64.rpm", + "name":"openvpn-debugsource-2.4.8-10.oe2003sp4.x86_64.rpm" + }, + "name":"openvpn-debugsource-2.4.8-10.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + 
"product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"openvpn-devel-2.4.8-10.oe2003sp4.x86_64.rpm", + "name":"openvpn-devel-2.4.8-10.oe2003sp4.x86_64.rpm" + }, + "name":"openvpn-devel-2.4.8-10.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"openvpn-2.5.5-4.oe2203sp1.x86_64.rpm", + "name":"openvpn-2.5.5-4.oe2203sp1.x86_64.rpm" + }, + "name":"openvpn-2.5.5-4.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"openvpn-debuginfo-2.5.5-4.oe2203sp1.x86_64.rpm", + "name":"openvpn-debuginfo-2.5.5-4.oe2203sp1.x86_64.rpm" + }, + "name":"openvpn-debuginfo-2.5.5-4.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"openvpn-debugsource-2.5.5-4.oe2203sp1.x86_64.rpm", + "name":"openvpn-debugsource-2.5.5-4.oe2203sp1.x86_64.rpm" + }, + "name":"openvpn-debugsource-2.5.5-4.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"openvpn-devel-2.5.5-4.oe2203sp1.x86_64.rpm", + "name":"openvpn-devel-2.5.5-4.oe2203sp1.x86_64.rpm" + }, + "name":"openvpn-devel-2.5.5-4.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openvpn-2.6.9-3.oe2403.x86_64.rpm", + "name":"openvpn-2.6.9-3.oe2403.x86_64.rpm" + }, + "name":"openvpn-2.6.9-3.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + 
"product_id":"openvpn-debuginfo-2.6.9-3.oe2403.x86_64.rpm", + "name":"openvpn-debuginfo-2.6.9-3.oe2403.x86_64.rpm" + }, + "name":"openvpn-debuginfo-2.6.9-3.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openvpn-debugsource-2.6.9-3.oe2403.x86_64.rpm", + "name":"openvpn-debugsource-2.6.9-3.oe2403.x86_64.rpm" + }, + "name":"openvpn-debugsource-2.6.9-3.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openvpn-devel-2.6.9-3.oe2403.x86_64.rpm", + "name":"openvpn-devel-2.6.9-3.oe2403.x86_64.rpm" + }, + "name":"openvpn-devel-2.6.9-3.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"openvpn-2.5.5-4.oe2203sp4.x86_64.rpm", + "name":"openvpn-2.5.5-4.oe2203sp4.x86_64.rpm" + }, + "name":"openvpn-2.5.5-4.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"openvpn-debuginfo-2.5.5-4.oe2203sp4.x86_64.rpm", + "name":"openvpn-debuginfo-2.5.5-4.oe2203sp4.x86_64.rpm" + }, + "name":"openvpn-debuginfo-2.5.5-4.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"openvpn-debugsource-2.5.5-4.oe2203sp4.x86_64.rpm", + "name":"openvpn-debugsource-2.5.5-4.oe2203sp4.x86_64.rpm" + }, + "name":"openvpn-debugsource-2.5.5-4.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"openvpn-devel-2.5.5-4.oe2203sp4.x86_64.rpm", + 
"name":"openvpn-devel-2.5.5-4.oe2203sp4.x86_64.rpm" + }, + "name":"openvpn-devel-2.5.5-4.oe2203sp4.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"noarch", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openvpn-help-2.5.5-4.oe2203sp3.noarch.rpm", + "name":"openvpn-help-2.5.5-4.oe2203sp3.noarch.rpm" + }, + "name":"openvpn-help-2.5.5-4.oe2203sp3.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"openvpn-help-2.4.8-10.oe2003sp4.noarch.rpm", + "name":"openvpn-help-2.4.8-10.oe2003sp4.noarch.rpm" + }, + "name":"openvpn-help-2.4.8-10.oe2003sp4.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"openvpn-help-2.5.5-4.oe2203sp1.noarch.rpm", + "name":"openvpn-help-2.5.5-4.oe2203sp1.noarch.rpm" + }, + "name":"openvpn-help-2.5.5-4.oe2203sp1.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openvpn-help-2.6.9-3.oe2403.noarch.rpm", + "name":"openvpn-help-2.6.9-3.oe2403.noarch.rpm" + }, + "name":"openvpn-help-2.6.9-3.oe2403.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"openvpn-help-2.5.5-4.oe2203sp4.noarch.rpm", + "name":"openvpn-help-2.5.5-4.oe2203sp4.noarch.rpm" + }, + "name":"openvpn-help-2.5.5-4.oe2203sp4.noarch.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"openvpn-2.5.5-4.oe2203sp3.aarch64.rpm", 
+ "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:openvpn-2.5.5-4.oe2203sp3.aarch64", + "name":"openvpn-2.5.5-4.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"openvpn-debuginfo-2.5.5-4.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:openvpn-debuginfo-2.5.5-4.oe2203sp3.aarch64", + "name":"openvpn-debuginfo-2.5.5-4.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"openvpn-debugsource-2.5.5-4.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:openvpn-debugsource-2.5.5-4.oe2203sp3.aarch64", + "name":"openvpn-debugsource-2.5.5-4.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"openvpn-devel-2.5.5-4.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:openvpn-devel-2.5.5-4.oe2203sp3.aarch64", + "name":"openvpn-devel-2.5.5-4.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"openvpn-2.4.8-10.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:openvpn-2.4.8-10.oe2003sp4.aarch64", + "name":"openvpn-2.4.8-10.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"openvpn-debuginfo-2.4.8-10.oe2003sp4.aarch64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-20.03-LTS-SP4:openvpn-debuginfo-2.4.8-10.oe2003sp4.aarch64", + "name":"openvpn-debuginfo-2.4.8-10.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"openvpn-debugsource-2.4.8-10.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:openvpn-debugsource-2.4.8-10.oe2003sp4.aarch64", + "name":"openvpn-debugsource-2.4.8-10.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"openvpn-devel-2.4.8-10.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:openvpn-devel-2.4.8-10.oe2003sp4.aarch64", + "name":"openvpn-devel-2.4.8-10.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"openvpn-2.5.5-4.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:openvpn-2.5.5-4.oe2203sp1.aarch64", + "name":"openvpn-2.5.5-4.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"openvpn-debuginfo-2.5.5-4.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:openvpn-debuginfo-2.5.5-4.oe2203sp1.aarch64", + "name":"openvpn-debuginfo-2.5.5-4.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"openvpn-debugsource-2.5.5-4.oe2203sp1.aarch64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP1:openvpn-debugsource-2.5.5-4.oe2203sp1.aarch64", + "name":"openvpn-debugsource-2.5.5-4.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"openvpn-devel-2.5.5-4.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:openvpn-devel-2.5.5-4.oe2203sp1.aarch64", + "name":"openvpn-devel-2.5.5-4.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"openvpn-2.6.9-3.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:openvpn-2.6.9-3.oe2403.aarch64", + "name":"openvpn-2.6.9-3.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"openvpn-debuginfo-2.6.9-3.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:openvpn-debuginfo-2.6.9-3.oe2403.aarch64", + "name":"openvpn-debuginfo-2.6.9-3.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"openvpn-debugsource-2.6.9-3.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:openvpn-debugsource-2.6.9-3.oe2403.aarch64", + "name":"openvpn-debugsource-2.6.9-3.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"openvpn-devel-2.6.9-3.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:openvpn-devel-2.6.9-3.oe2403.aarch64", + "name":"openvpn-devel-2.6.9-3.oe2403.aarch64 as a component of 
openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"openvpn-2.5.5-4.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:openvpn-2.5.5-4.oe2203sp4.aarch64", + "name":"openvpn-2.5.5-4.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"openvpn-debuginfo-2.5.5-4.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:openvpn-debuginfo-2.5.5-4.oe2203sp4.aarch64", + "name":"openvpn-debuginfo-2.5.5-4.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"openvpn-debugsource-2.5.5-4.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:openvpn-debugsource-2.5.5-4.oe2203sp4.aarch64", + "name":"openvpn-debugsource-2.5.5-4.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"openvpn-devel-2.5.5-4.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:openvpn-devel-2.5.5-4.oe2203sp4.aarch64", + "name":"openvpn-devel-2.5.5-4.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"openvpn-2.5.5-4.oe2203sp3.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:openvpn-2.5.5-4.oe2203sp3.src", + "name":"openvpn-2.5.5-4.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"openvpn-2.4.8-10.oe2003sp4.src.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:openvpn-2.4.8-10.oe2003sp4.src", + "name":"openvpn-2.4.8-10.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"openvpn-2.5.5-4.oe2203sp1.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:openvpn-2.5.5-4.oe2203sp1.src", + "name":"openvpn-2.5.5-4.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"openvpn-2.6.9-3.oe2403.src.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:openvpn-2.6.9-3.oe2403.src", + "name":"openvpn-2.6.9-3.oe2403.src as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"openvpn-2.5.5-4.oe2203sp4.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:openvpn-2.5.5-4.oe2203sp4.src", + "name":"openvpn-2.5.5-4.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"openvpn-2.5.5-4.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:openvpn-2.5.5-4.oe2203sp3.x86_64", + "name":"openvpn-2.5.5-4.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"openvpn-debuginfo-2.5.5-4.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:openvpn-debuginfo-2.5.5-4.oe2203sp3.x86_64", + 
"name":"openvpn-debuginfo-2.5.5-4.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"openvpn-debugsource-2.5.5-4.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:openvpn-debugsource-2.5.5-4.oe2203sp3.x86_64", + "name":"openvpn-debugsource-2.5.5-4.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"openvpn-devel-2.5.5-4.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:openvpn-devel-2.5.5-4.oe2203sp3.x86_64", + "name":"openvpn-devel-2.5.5-4.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"openvpn-2.4.8-10.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:openvpn-2.4.8-10.oe2003sp4.x86_64", + "name":"openvpn-2.4.8-10.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"openvpn-debuginfo-2.4.8-10.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:openvpn-debuginfo-2.4.8-10.oe2003sp4.x86_64", + "name":"openvpn-debuginfo-2.4.8-10.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"openvpn-debugsource-2.4.8-10.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:openvpn-debugsource-2.4.8-10.oe2003sp4.x86_64", + "name":"openvpn-debugsource-2.4.8-10.oe2003sp4.x86_64 as a component of 
openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"openvpn-devel-2.4.8-10.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:openvpn-devel-2.4.8-10.oe2003sp4.x86_64", + "name":"openvpn-devel-2.4.8-10.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"openvpn-2.5.5-4.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:openvpn-2.5.5-4.oe2203sp1.x86_64", + "name":"openvpn-2.5.5-4.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"openvpn-debuginfo-2.5.5-4.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:openvpn-debuginfo-2.5.5-4.oe2203sp1.x86_64", + "name":"openvpn-debuginfo-2.5.5-4.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"openvpn-debugsource-2.5.5-4.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:openvpn-debugsource-2.5.5-4.oe2203sp1.x86_64", + "name":"openvpn-debugsource-2.5.5-4.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"openvpn-devel-2.5.5-4.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:openvpn-devel-2.5.5-4.oe2203sp1.x86_64", + "name":"openvpn-devel-2.5.5-4.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"openvpn-2.6.9-3.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:openvpn-2.6.9-3.oe2403.x86_64", + "name":"openvpn-2.6.9-3.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"openvpn-debuginfo-2.6.9-3.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:openvpn-debuginfo-2.6.9-3.oe2403.x86_64", + "name":"openvpn-debuginfo-2.6.9-3.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"openvpn-debugsource-2.6.9-3.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:openvpn-debugsource-2.6.9-3.oe2403.x86_64", + "name":"openvpn-debugsource-2.6.9-3.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"openvpn-devel-2.6.9-3.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:openvpn-devel-2.6.9-3.oe2403.x86_64", + "name":"openvpn-devel-2.6.9-3.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"openvpn-2.5.5-4.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:openvpn-2.5.5-4.oe2203sp4.x86_64", + "name":"openvpn-2.5.5-4.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"openvpn-debuginfo-2.5.5-4.oe2203sp4.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP4:openvpn-debuginfo-2.5.5-4.oe2203sp4.x86_64", + "name":"openvpn-debuginfo-2.5.5-4.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"openvpn-debugsource-2.5.5-4.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:openvpn-debugsource-2.5.5-4.oe2203sp4.x86_64", + "name":"openvpn-debugsource-2.5.5-4.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"openvpn-devel-2.5.5-4.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:openvpn-devel-2.5.5-4.oe2203sp4.x86_64", + "name":"openvpn-devel-2.5.5-4.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"openvpn-help-2.5.5-4.oe2203sp3.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:openvpn-help-2.5.5-4.oe2203sp3.noarch", + "name":"openvpn-help-2.5.5-4.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"openvpn-help-2.4.8-10.oe2003sp4.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:openvpn-help-2.4.8-10.oe2003sp4.noarch", + "name":"openvpn-help-2.4.8-10.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"openvpn-help-2.5.5-4.oe2203sp1.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:openvpn-help-2.5.5-4.oe2203sp1.noarch", + 
"name":"openvpn-help-2.5.5-4.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"openvpn-help-2.6.9-3.oe2403.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:openvpn-help-2.6.9-3.oe2403.noarch", + "name":"openvpn-help-2.6.9-3.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"openvpn-help-2.5.5-4.oe2203sp4.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:openvpn-help-2.5.5-4.oe2203sp4.noarch", + "name":"openvpn-help-2.5.5-4.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-5594", + "notes":[ + { + "text":"null", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:openvpn-2.5.5-4.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:openvpn-debuginfo-2.5.5-4.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:openvpn-debugsource-2.5.5-4.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:openvpn-devel-2.5.5-4.oe2203sp3.aarch64", + "openEuler-20.03-LTS-SP4:openvpn-2.4.8-10.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:openvpn-debuginfo-2.4.8-10.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:openvpn-debugsource-2.4.8-10.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:openvpn-devel-2.4.8-10.oe2003sp4.aarch64", + "openEuler-22.03-LTS-SP1:openvpn-2.5.5-4.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:openvpn-debuginfo-2.5.5-4.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:openvpn-debugsource-2.5.5-4.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:openvpn-devel-2.5.5-4.oe2203sp1.aarch64", + "openEuler-24.03-LTS:openvpn-2.6.9-3.oe2403.aarch64", + 
"openEuler-24.03-LTS:openvpn-debuginfo-2.6.9-3.oe2403.aarch64", + "openEuler-24.03-LTS:openvpn-debugsource-2.6.9-3.oe2403.aarch64", + "openEuler-24.03-LTS:openvpn-devel-2.6.9-3.oe2403.aarch64", + "openEuler-22.03-LTS-SP4:openvpn-2.5.5-4.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:openvpn-debuginfo-2.5.5-4.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:openvpn-debugsource-2.5.5-4.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:openvpn-devel-2.5.5-4.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP3:openvpn-2.5.5-4.oe2203sp3.src", + "openEuler-20.03-LTS-SP4:openvpn-2.4.8-10.oe2003sp4.src", + "openEuler-22.03-LTS-SP1:openvpn-2.5.5-4.oe2203sp1.src", + "openEuler-24.03-LTS:openvpn-2.6.9-3.oe2403.src", + "openEuler-22.03-LTS-SP4:openvpn-2.5.5-4.oe2203sp4.src", + "openEuler-22.03-LTS-SP3:openvpn-2.5.5-4.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:openvpn-debuginfo-2.5.5-4.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:openvpn-debugsource-2.5.5-4.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:openvpn-devel-2.5.5-4.oe2203sp3.x86_64", + "openEuler-20.03-LTS-SP4:openvpn-2.4.8-10.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:openvpn-debuginfo-2.4.8-10.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:openvpn-debugsource-2.4.8-10.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:openvpn-devel-2.4.8-10.oe2003sp4.x86_64", + "openEuler-22.03-LTS-SP1:openvpn-2.5.5-4.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:openvpn-debuginfo-2.5.5-4.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:openvpn-debugsource-2.5.5-4.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:openvpn-devel-2.5.5-4.oe2203sp1.x86_64", + "openEuler-24.03-LTS:openvpn-2.6.9-3.oe2403.x86_64", + "openEuler-24.03-LTS:openvpn-debuginfo-2.6.9-3.oe2403.x86_64", + "openEuler-24.03-LTS:openvpn-debugsource-2.6.9-3.oe2403.x86_64", + "openEuler-24.03-LTS:openvpn-devel-2.6.9-3.oe2403.x86_64", + "openEuler-22.03-LTS-SP4:openvpn-2.5.5-4.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:openvpn-debuginfo-2.5.5-4.oe2203sp4.x86_64", + 
"openEuler-22.03-LTS-SP4:openvpn-debugsource-2.5.5-4.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:openvpn-devel-2.5.5-4.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP3:openvpn-help-2.5.5-4.oe2203sp3.noarch", + "openEuler-20.03-LTS-SP4:openvpn-help-2.4.8-10.oe2003sp4.noarch", + "openEuler-22.03-LTS-SP1:openvpn-help-2.5.5-4.oe2203sp1.noarch", + "openEuler-24.03-LTS:openvpn-help-2.6.9-3.oe2403.noarch", + "openEuler-22.03-LTS-SP4:openvpn-help-2.5.5-4.oe2203sp4.noarch" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:openvpn-2.5.5-4.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:openvpn-debuginfo-2.5.5-4.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:openvpn-debugsource-2.5.5-4.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:openvpn-devel-2.5.5-4.oe2203sp3.aarch64", + "openEuler-20.03-LTS-SP4:openvpn-2.4.8-10.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:openvpn-debuginfo-2.4.8-10.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:openvpn-debugsource-2.4.8-10.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:openvpn-devel-2.4.8-10.oe2003sp4.aarch64", + "openEuler-22.03-LTS-SP1:openvpn-2.5.5-4.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:openvpn-debuginfo-2.5.5-4.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:openvpn-debugsource-2.5.5-4.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:openvpn-devel-2.5.5-4.oe2203sp1.aarch64", + "openEuler-24.03-LTS:openvpn-2.6.9-3.oe2403.aarch64", + "openEuler-24.03-LTS:openvpn-debuginfo-2.6.9-3.oe2403.aarch64", + "openEuler-24.03-LTS:openvpn-debugsource-2.6.9-3.oe2403.aarch64", + "openEuler-24.03-LTS:openvpn-devel-2.6.9-3.oe2403.aarch64", + "openEuler-22.03-LTS-SP4:openvpn-2.5.5-4.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:openvpn-debuginfo-2.5.5-4.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:openvpn-debugsource-2.5.5-4.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:openvpn-devel-2.5.5-4.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP3:openvpn-2.5.5-4.oe2203sp3.src", + 
"openEuler-20.03-LTS-SP4:openvpn-2.4.8-10.oe2003sp4.src", + "openEuler-22.03-LTS-SP1:openvpn-2.5.5-4.oe2203sp1.src", + "openEuler-24.03-LTS:openvpn-2.6.9-3.oe2403.src", + "openEuler-22.03-LTS-SP4:openvpn-2.5.5-4.oe2203sp4.src", + "openEuler-22.03-LTS-SP3:openvpn-2.5.5-4.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:openvpn-debuginfo-2.5.5-4.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:openvpn-debugsource-2.5.5-4.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:openvpn-devel-2.5.5-4.oe2203sp3.x86_64", + "openEuler-20.03-LTS-SP4:openvpn-2.4.8-10.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:openvpn-debuginfo-2.4.8-10.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:openvpn-debugsource-2.4.8-10.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:openvpn-devel-2.4.8-10.oe2003sp4.x86_64", + "openEuler-22.03-LTS-SP1:openvpn-2.5.5-4.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:openvpn-debuginfo-2.5.5-4.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:openvpn-debugsource-2.5.5-4.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:openvpn-devel-2.5.5-4.oe2203sp1.x86_64", + "openEuler-24.03-LTS:openvpn-2.6.9-3.oe2403.x86_64", + "openEuler-24.03-LTS:openvpn-debuginfo-2.6.9-3.oe2403.x86_64", + "openEuler-24.03-LTS:openvpn-debugsource-2.6.9-3.oe2403.x86_64", + "openEuler-24.03-LTS:openvpn-devel-2.6.9-3.oe2403.x86_64", + "openEuler-22.03-LTS-SP4:openvpn-2.5.5-4.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:openvpn-debuginfo-2.5.5-4.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:openvpn-debugsource-2.5.5-4.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:openvpn-devel-2.5.5-4.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP3:openvpn-help-2.5.5-4.oe2203sp3.noarch", + "openEuler-20.03-LTS-SP4:openvpn-help-2.4.8-10.oe2003sp4.noarch", + "openEuler-22.03-LTS-SP1:openvpn-help-2.5.5-4.oe2203sp1.noarch", + "openEuler-24.03-LTS:openvpn-help-2.6.9-3.oe2403.noarch", + "openEuler-22.03-LTS-SP4:openvpn-help-2.5.5-4.oe2203sp4.noarch" + ], + "details":"openvpn security update", + "category":"vendor_fix", + 
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1885" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.4, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:openvpn-2.5.5-4.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:openvpn-debuginfo-2.5.5-4.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:openvpn-debugsource-2.5.5-4.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:openvpn-devel-2.5.5-4.oe2203sp3.aarch64", + "openEuler-20.03-LTS-SP4:openvpn-2.4.8-10.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:openvpn-debuginfo-2.4.8-10.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:openvpn-debugsource-2.4.8-10.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:openvpn-devel-2.4.8-10.oe2003sp4.aarch64", + "openEuler-22.03-LTS-SP1:openvpn-2.5.5-4.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:openvpn-debuginfo-2.5.5-4.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:openvpn-debugsource-2.5.5-4.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:openvpn-devel-2.5.5-4.oe2203sp1.aarch64", + "openEuler-24.03-LTS:openvpn-2.6.9-3.oe2403.aarch64", + "openEuler-24.03-LTS:openvpn-debuginfo-2.6.9-3.oe2403.aarch64", + "openEuler-24.03-LTS:openvpn-debugsource-2.6.9-3.oe2403.aarch64", + "openEuler-24.03-LTS:openvpn-devel-2.6.9-3.oe2403.aarch64", + "openEuler-22.03-LTS-SP4:openvpn-2.5.5-4.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:openvpn-debuginfo-2.5.5-4.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:openvpn-debugsource-2.5.5-4.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:openvpn-devel-2.5.5-4.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP3:openvpn-2.5.5-4.oe2203sp3.src", + "openEuler-20.03-LTS-SP4:openvpn-2.4.8-10.oe2003sp4.src", + "openEuler-22.03-LTS-SP1:openvpn-2.5.5-4.oe2203sp1.src", + "openEuler-24.03-LTS:openvpn-2.6.9-3.oe2403.src", + "openEuler-22.03-LTS-SP4:openvpn-2.5.5-4.oe2203sp4.src", + 
"openEuler-22.03-LTS-SP3:openvpn-2.5.5-4.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:openvpn-debuginfo-2.5.5-4.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:openvpn-debugsource-2.5.5-4.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:openvpn-devel-2.5.5-4.oe2203sp3.x86_64", + "openEuler-20.03-LTS-SP4:openvpn-2.4.8-10.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:openvpn-debuginfo-2.4.8-10.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:openvpn-debugsource-2.4.8-10.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:openvpn-devel-2.4.8-10.oe2003sp4.x86_64", + "openEuler-22.03-LTS-SP1:openvpn-2.5.5-4.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:openvpn-debuginfo-2.5.5-4.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:openvpn-debugsource-2.5.5-4.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:openvpn-devel-2.5.5-4.oe2203sp1.x86_64", + "openEuler-24.03-LTS:openvpn-2.6.9-3.oe2403.x86_64", + "openEuler-24.03-LTS:openvpn-debuginfo-2.6.9-3.oe2403.x86_64", + "openEuler-24.03-LTS:openvpn-debugsource-2.6.9-3.oe2403.x86_64", + "openEuler-24.03-LTS:openvpn-devel-2.6.9-3.oe2403.x86_64", + "openEuler-22.03-LTS-SP4:openvpn-2.5.5-4.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:openvpn-debuginfo-2.5.5-4.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:openvpn-debugsource-2.5.5-4.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:openvpn-devel-2.5.5-4.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP3:openvpn-help-2.5.5-4.oe2203sp3.noarch", + "openEuler-20.03-LTS-SP4:openvpn-help-2.4.8-10.oe2003sp4.noarch", + "openEuler-22.03-LTS-SP1:openvpn-help-2.5.5-4.oe2203sp1.noarch", + "openEuler-24.03-LTS:openvpn-help-2.6.9-3.oe2403.noarch", + "openEuler-22.03-LTS-SP4:openvpn-help-2.5.5-4.oe2203sp4.noarch" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-5594" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1886.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1886.json new file mode 100644 index 0000000..184a361 
--- /dev/null
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1886.json
@@ -0,0 +1,1729 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"gtk2 security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for gtk2 is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3", + "category":"general", + "title":"Summary" + }, + { + "text":"GTK+ is a library for creating graphical user interfaces. The library is created in C programming language. The GTK+ is also called the GIMP Toolkit. Originally, the library was created while developing the GIMP image manipulation program.\n\nSecurity Fix(es):\n\nA flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.(CVE-2024-6655)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for gtk2 is now available for openEuler-20.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"gtk2", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1886", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1886" + }, + { + "summary":"CVE-2024-6655", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-6655&packageName=gtk2" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6655" + }, + { + "summary":"openEuler-SA-2024-1886 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1886.json" + } + ], + "title":"An update for gtk2 is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3", + "tracking":{ + "initial_release_date":"2024-07-26T20:58:30+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:58:30+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:58:30+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-26T20:58:30+08:00", + "id":"openEuler-SA-2024-1886", + "version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + 
"product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"openEuler-20.03-LTS-SP4", + "name":"openEuler-20.03-LTS-SP4" + }, + "name":"openEuler-20.03-LTS-SP4", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"openEuler-22.03-LTS-SP1", + "name":"openEuler-22.03-LTS-SP1" + }, + "name":"openEuler-22.03-LTS-SP1", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openEuler-24.03-LTS", + "name":"openEuler-24.03-LTS" + }, + "name":"openEuler-24.03-LTS", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"openEuler-22.03-LTS-SP4", + "name":"openEuler-22.03-LTS-SP4" + }, + "name":"openEuler-22.03-LTS-SP4", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openEuler-22.03-LTS-SP3", + "name":"openEuler-22.03-LTS-SP3" + }, + "name":"openEuler-22.03-LTS-SP3", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"gtk2-2.24.32-11.oe2003sp4.src.rpm", + "name":"gtk2-2.24.32-11.oe2003sp4.src.rpm" + }, + "name":"gtk2-2.24.32-11.oe2003sp4.src.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"gtk2-2.24.33-9.oe2203sp1.src.rpm", + "name":"gtk2-2.24.33-9.oe2203sp1.src.rpm" + }, + "name":"gtk2-2.24.33-9.oe2203sp1.src.rpm", + "category":"product_version" + }, + { + "product":{ + 
"product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"gtk2-2.24.33-10.oe2403.src.rpm", + "name":"gtk2-2.24.33-10.oe2403.src.rpm" + }, + "name":"gtk2-2.24.33-10.oe2403.src.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"gtk2-2.24.33-9.oe2203sp4.src.rpm", + "name":"gtk2-2.24.33-9.oe2203sp4.src.rpm" + }, + "name":"gtk2-2.24.33-9.oe2203sp4.src.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"gtk2-2.24.33-9.oe2203sp3.src.rpm", + "name":"gtk2-2.24.33-9.oe2203sp3.src.rpm" + }, + "name":"gtk2-2.24.33-9.oe2203sp3.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"gtk2-2.24.32-11.oe2003sp4.x86_64.rpm", + "name":"gtk2-2.24.32-11.oe2003sp4.x86_64.rpm" + }, + "name":"gtk2-2.24.32-11.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"gtk2-debuginfo-2.24.32-11.oe2003sp4.x86_64.rpm", + "name":"gtk2-debuginfo-2.24.32-11.oe2003sp4.x86_64.rpm" + }, + "name":"gtk2-debuginfo-2.24.32-11.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"gtk2-debugsource-2.24.32-11.oe2003sp4.x86_64.rpm", + "name":"gtk2-debugsource-2.24.32-11.oe2003sp4.x86_64.rpm" + }, + "name":"gtk2-debugsource-2.24.32-11.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + 
}, + "product_id":"gtk2-devel-2.24.32-11.oe2003sp4.x86_64.rpm", + "name":"gtk2-devel-2.24.32-11.oe2003sp4.x86_64.rpm" + }, + "name":"gtk2-devel-2.24.32-11.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"gtk2-help-2.24.32-11.oe2003sp4.x86_64.rpm", + "name":"gtk2-help-2.24.32-11.oe2003sp4.x86_64.rpm" + }, + "name":"gtk2-help-2.24.32-11.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"gtk2-immodule-xim-2.24.32-11.oe2003sp4.x86_64.rpm", + "name":"gtk2-immodule-xim-2.24.32-11.oe2003sp4.x86_64.rpm" + }, + "name":"gtk2-immodule-xim-2.24.32-11.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"gtk2-2.24.33-9.oe2203sp1.x86_64.rpm", + "name":"gtk2-2.24.33-9.oe2203sp1.x86_64.rpm" + }, + "name":"gtk2-2.24.33-9.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"gtk2-debuginfo-2.24.33-9.oe2203sp1.x86_64.rpm", + "name":"gtk2-debuginfo-2.24.33-9.oe2203sp1.x86_64.rpm" + }, + "name":"gtk2-debuginfo-2.24.33-9.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"gtk2-debugsource-2.24.33-9.oe2203sp1.x86_64.rpm", + "name":"gtk2-debugsource-2.24.33-9.oe2203sp1.x86_64.rpm" + }, + "name":"gtk2-debugsource-2.24.33-9.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + 
"product_id":"gtk2-devel-2.24.33-9.oe2203sp1.x86_64.rpm", + "name":"gtk2-devel-2.24.33-9.oe2203sp1.x86_64.rpm" + }, + "name":"gtk2-devel-2.24.33-9.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"gtk2-help-2.24.33-9.oe2203sp1.x86_64.rpm", + "name":"gtk2-help-2.24.33-9.oe2203sp1.x86_64.rpm" + }, + "name":"gtk2-help-2.24.33-9.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"gtk2-immodule-xim-2.24.33-9.oe2203sp1.x86_64.rpm", + "name":"gtk2-immodule-xim-2.24.33-9.oe2203sp1.x86_64.rpm" + }, + "name":"gtk2-immodule-xim-2.24.33-9.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"gtk2-2.24.33-10.oe2403.x86_64.rpm", + "name":"gtk2-2.24.33-10.oe2403.x86_64.rpm" + }, + "name":"gtk2-2.24.33-10.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"gtk2-debuginfo-2.24.33-10.oe2403.x86_64.rpm", + "name":"gtk2-debuginfo-2.24.33-10.oe2403.x86_64.rpm" + }, + "name":"gtk2-debuginfo-2.24.33-10.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"gtk2-debugsource-2.24.33-10.oe2403.x86_64.rpm", + "name":"gtk2-debugsource-2.24.33-10.oe2403.x86_64.rpm" + }, + "name":"gtk2-debugsource-2.24.33-10.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"gtk2-devel-2.24.33-10.oe2403.x86_64.rpm", + 
"name":"gtk2-devel-2.24.33-10.oe2403.x86_64.rpm" + }, + "name":"gtk2-devel-2.24.33-10.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"gtk2-help-2.24.33-10.oe2403.x86_64.rpm", + "name":"gtk2-help-2.24.33-10.oe2403.x86_64.rpm" + }, + "name":"gtk2-help-2.24.33-10.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"gtk2-immodule-xim-2.24.33-10.oe2403.x86_64.rpm", + "name":"gtk2-immodule-xim-2.24.33-10.oe2403.x86_64.rpm" + }, + "name":"gtk2-immodule-xim-2.24.33-10.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"gtk2-2.24.33-9.oe2203sp4.x86_64.rpm", + "name":"gtk2-2.24.33-9.oe2203sp4.x86_64.rpm" + }, + "name":"gtk2-2.24.33-9.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"gtk2-debuginfo-2.24.33-9.oe2203sp4.x86_64.rpm", + "name":"gtk2-debuginfo-2.24.33-9.oe2203sp4.x86_64.rpm" + }, + "name":"gtk2-debuginfo-2.24.33-9.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"gtk2-debugsource-2.24.33-9.oe2203sp4.x86_64.rpm", + "name":"gtk2-debugsource-2.24.33-9.oe2203sp4.x86_64.rpm" + }, + "name":"gtk2-debugsource-2.24.33-9.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"gtk2-devel-2.24.33-9.oe2203sp4.x86_64.rpm", + "name":"gtk2-devel-2.24.33-9.oe2203sp4.x86_64.rpm" + }, + 
"name":"gtk2-devel-2.24.33-9.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"gtk2-help-2.24.33-9.oe2203sp4.x86_64.rpm", + "name":"gtk2-help-2.24.33-9.oe2203sp4.x86_64.rpm" + }, + "name":"gtk2-help-2.24.33-9.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"gtk2-immodule-xim-2.24.33-9.oe2203sp4.x86_64.rpm", + "name":"gtk2-immodule-xim-2.24.33-9.oe2203sp4.x86_64.rpm" + }, + "name":"gtk2-immodule-xim-2.24.33-9.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"gtk2-2.24.33-9.oe2203sp3.x86_64.rpm", + "name":"gtk2-2.24.33-9.oe2203sp3.x86_64.rpm" + }, + "name":"gtk2-2.24.33-9.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"gtk2-debuginfo-2.24.33-9.oe2203sp3.x86_64.rpm", + "name":"gtk2-debuginfo-2.24.33-9.oe2203sp3.x86_64.rpm" + }, + "name":"gtk2-debuginfo-2.24.33-9.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"gtk2-debugsource-2.24.33-9.oe2203sp3.x86_64.rpm", + "name":"gtk2-debugsource-2.24.33-9.oe2203sp3.x86_64.rpm" + }, + "name":"gtk2-debugsource-2.24.33-9.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"gtk2-devel-2.24.33-9.oe2203sp3.x86_64.rpm", + "name":"gtk2-devel-2.24.33-9.oe2203sp3.x86_64.rpm" + }, + "name":"gtk2-devel-2.24.33-9.oe2203sp3.x86_64.rpm", + 
"category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"gtk2-help-2.24.33-9.oe2203sp3.x86_64.rpm", + "name":"gtk2-help-2.24.33-9.oe2203sp3.x86_64.rpm" + }, + "name":"gtk2-help-2.24.33-9.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"gtk2-immodule-xim-2.24.33-9.oe2203sp3.x86_64.rpm", + "name":"gtk2-immodule-xim-2.24.33-9.oe2203sp3.x86_64.rpm" + }, + "name":"gtk2-immodule-xim-2.24.33-9.oe2203sp3.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"gtk2-2.24.32-11.oe2003sp4.aarch64.rpm", + "name":"gtk2-2.24.32-11.oe2003sp4.aarch64.rpm" + }, + "name":"gtk2-2.24.32-11.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"gtk2-debuginfo-2.24.32-11.oe2003sp4.aarch64.rpm", + "name":"gtk2-debuginfo-2.24.32-11.oe2003sp4.aarch64.rpm" + }, + "name":"gtk2-debuginfo-2.24.32-11.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"gtk2-debugsource-2.24.32-11.oe2003sp4.aarch64.rpm", + "name":"gtk2-debugsource-2.24.32-11.oe2003sp4.aarch64.rpm" + }, + "name":"gtk2-debugsource-2.24.32-11.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"gtk2-devel-2.24.32-11.oe2003sp4.aarch64.rpm", + "name":"gtk2-devel-2.24.32-11.oe2003sp4.aarch64.rpm" + }, + 
"name":"gtk2-devel-2.24.32-11.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"gtk2-help-2.24.32-11.oe2003sp4.aarch64.rpm", + "name":"gtk2-help-2.24.32-11.oe2003sp4.aarch64.rpm" + }, + "name":"gtk2-help-2.24.32-11.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"gtk2-immodule-xim-2.24.32-11.oe2003sp4.aarch64.rpm", + "name":"gtk2-immodule-xim-2.24.32-11.oe2003sp4.aarch64.rpm" + }, + "name":"gtk2-immodule-xim-2.24.32-11.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"gtk2-2.24.33-9.oe2203sp1.aarch64.rpm", + "name":"gtk2-2.24.33-9.oe2203sp1.aarch64.rpm" + }, + "name":"gtk2-2.24.33-9.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"gtk2-debuginfo-2.24.33-9.oe2203sp1.aarch64.rpm", + "name":"gtk2-debuginfo-2.24.33-9.oe2203sp1.aarch64.rpm" + }, + "name":"gtk2-debuginfo-2.24.33-9.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"gtk2-debugsource-2.24.33-9.oe2203sp1.aarch64.rpm", + "name":"gtk2-debugsource-2.24.33-9.oe2203sp1.aarch64.rpm" + }, + "name":"gtk2-debugsource-2.24.33-9.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"gtk2-devel-2.24.33-9.oe2203sp1.aarch64.rpm", + "name":"gtk2-devel-2.24.33-9.oe2203sp1.aarch64.rpm" + }, + 
"name":"gtk2-devel-2.24.33-9.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"gtk2-help-2.24.33-9.oe2203sp1.aarch64.rpm", + "name":"gtk2-help-2.24.33-9.oe2203sp1.aarch64.rpm" + }, + "name":"gtk2-help-2.24.33-9.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"gtk2-immodule-xim-2.24.33-9.oe2203sp1.aarch64.rpm", + "name":"gtk2-immodule-xim-2.24.33-9.oe2203sp1.aarch64.rpm" + }, + "name":"gtk2-immodule-xim-2.24.33-9.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"gtk2-2.24.33-10.oe2403.aarch64.rpm", + "name":"gtk2-2.24.33-10.oe2403.aarch64.rpm" + }, + "name":"gtk2-2.24.33-10.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"gtk2-debuginfo-2.24.33-10.oe2403.aarch64.rpm", + "name":"gtk2-debuginfo-2.24.33-10.oe2403.aarch64.rpm" + }, + "name":"gtk2-debuginfo-2.24.33-10.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"gtk2-debugsource-2.24.33-10.oe2403.aarch64.rpm", + "name":"gtk2-debugsource-2.24.33-10.oe2403.aarch64.rpm" + }, + "name":"gtk2-debugsource-2.24.33-10.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"gtk2-devel-2.24.33-10.oe2403.aarch64.rpm", + "name":"gtk2-devel-2.24.33-10.oe2403.aarch64.rpm" + }, + "name":"gtk2-devel-2.24.33-10.oe2403.aarch64.rpm", + "category":"product_version" 
+ }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"gtk2-help-2.24.33-10.oe2403.aarch64.rpm", + "name":"gtk2-help-2.24.33-10.oe2403.aarch64.rpm" + }, + "name":"gtk2-help-2.24.33-10.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"gtk2-immodule-xim-2.24.33-10.oe2403.aarch64.rpm", + "name":"gtk2-immodule-xim-2.24.33-10.oe2403.aarch64.rpm" + }, + "name":"gtk2-immodule-xim-2.24.33-10.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"gtk2-2.24.33-9.oe2203sp4.aarch64.rpm", + "name":"gtk2-2.24.33-9.oe2203sp4.aarch64.rpm" + }, + "name":"gtk2-2.24.33-9.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"gtk2-debuginfo-2.24.33-9.oe2203sp4.aarch64.rpm", + "name":"gtk2-debuginfo-2.24.33-9.oe2203sp4.aarch64.rpm" + }, + "name":"gtk2-debuginfo-2.24.33-9.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"gtk2-debugsource-2.24.33-9.oe2203sp4.aarch64.rpm", + "name":"gtk2-debugsource-2.24.33-9.oe2203sp4.aarch64.rpm" + }, + "name":"gtk2-debugsource-2.24.33-9.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"gtk2-devel-2.24.33-9.oe2203sp4.aarch64.rpm", + "name":"gtk2-devel-2.24.33-9.oe2203sp4.aarch64.rpm" + }, + "name":"gtk2-devel-2.24.33-9.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"gtk2-help-2.24.33-9.oe2203sp4.aarch64.rpm", + "name":"gtk2-help-2.24.33-9.oe2203sp4.aarch64.rpm" + }, + "name":"gtk2-help-2.24.33-9.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"gtk2-immodule-xim-2.24.33-9.oe2203sp4.aarch64.rpm", + "name":"gtk2-immodule-xim-2.24.33-9.oe2203sp4.aarch64.rpm" + }, + "name":"gtk2-immodule-xim-2.24.33-9.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"gtk2-2.24.33-9.oe2203sp3.aarch64.rpm", + "name":"gtk2-2.24.33-9.oe2203sp3.aarch64.rpm" + }, + "name":"gtk2-2.24.33-9.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"gtk2-debuginfo-2.24.33-9.oe2203sp3.aarch64.rpm", + "name":"gtk2-debuginfo-2.24.33-9.oe2203sp3.aarch64.rpm" + }, + "name":"gtk2-debuginfo-2.24.33-9.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"gtk2-debugsource-2.24.33-9.oe2203sp3.aarch64.rpm", + "name":"gtk2-debugsource-2.24.33-9.oe2203sp3.aarch64.rpm" + }, + "name":"gtk2-debugsource-2.24.33-9.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"gtk2-devel-2.24.33-9.oe2203sp3.aarch64.rpm", + "name":"gtk2-devel-2.24.33-9.oe2203sp3.aarch64.rpm" + }, + "name":"gtk2-devel-2.24.33-9.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"gtk2-help-2.24.33-9.oe2203sp3.aarch64.rpm", + "name":"gtk2-help-2.24.33-9.oe2203sp3.aarch64.rpm" + }, + "name":"gtk2-help-2.24.33-9.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"gtk2-immodule-xim-2.24.33-9.oe2203sp3.aarch64.rpm", + "name":"gtk2-immodule-xim-2.24.33-9.oe2203sp3.aarch64.rpm" + }, + "name":"gtk2-immodule-xim-2.24.33-9.oe2203sp3.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"gtk2-2.24.32-11.oe2003sp4.src.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:gtk2-2.24.32-11.oe2003sp4.src", + "name":"gtk2-2.24.32-11.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"gtk2-2.24.33-9.oe2203sp1.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:gtk2-2.24.33-9.oe2203sp1.src", + "name":"gtk2-2.24.33-9.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"gtk2-2.24.33-10.oe2403.src.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:gtk2-2.24.33-10.oe2403.src", + "name":"gtk2-2.24.33-10.oe2403.src as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"gtk2-2.24.33-9.oe2203sp4.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:gtk2-2.24.33-9.oe2203sp4.src", + "name":"gtk2-2.24.33-9.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" + }, + 
"category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"gtk2-2.24.33-9.oe2203sp3.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:gtk2-2.24.33-9.oe2203sp3.src", + "name":"gtk2-2.24.33-9.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"gtk2-2.24.32-11.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:gtk2-2.24.32-11.oe2003sp4.x86_64", + "name":"gtk2-2.24.32-11.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"gtk2-debuginfo-2.24.32-11.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:gtk2-debuginfo-2.24.32-11.oe2003sp4.x86_64", + "name":"gtk2-debuginfo-2.24.32-11.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"gtk2-debugsource-2.24.32-11.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:gtk2-debugsource-2.24.32-11.oe2003sp4.x86_64", + "name":"gtk2-debugsource-2.24.32-11.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"gtk2-devel-2.24.32-11.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:gtk2-devel-2.24.32-11.oe2003sp4.x86_64", + "name":"gtk2-devel-2.24.32-11.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + 
"product_reference":"gtk2-help-2.24.32-11.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:gtk2-help-2.24.32-11.oe2003sp4.x86_64", + "name":"gtk2-help-2.24.32-11.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"gtk2-immodule-xim-2.24.32-11.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:gtk2-immodule-xim-2.24.32-11.oe2003sp4.x86_64", + "name":"gtk2-immodule-xim-2.24.32-11.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"gtk2-2.24.33-9.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:gtk2-2.24.33-9.oe2203sp1.x86_64", + "name":"gtk2-2.24.33-9.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"gtk2-debuginfo-2.24.33-9.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:gtk2-debuginfo-2.24.33-9.oe2203sp1.x86_64", + "name":"gtk2-debuginfo-2.24.33-9.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"gtk2-debugsource-2.24.33-9.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:gtk2-debugsource-2.24.33-9.oe2203sp1.x86_64", + "name":"gtk2-debugsource-2.24.33-9.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"gtk2-devel-2.24.33-9.oe2203sp1.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP1:gtk2-devel-2.24.33-9.oe2203sp1.x86_64", + "name":"gtk2-devel-2.24.33-9.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"gtk2-help-2.24.33-9.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:gtk2-help-2.24.33-9.oe2203sp1.x86_64", + "name":"gtk2-help-2.24.33-9.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"gtk2-immodule-xim-2.24.33-9.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:gtk2-immodule-xim-2.24.33-9.oe2203sp1.x86_64", + "name":"gtk2-immodule-xim-2.24.33-9.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"gtk2-2.24.33-10.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:gtk2-2.24.33-10.oe2403.x86_64", + "name":"gtk2-2.24.33-10.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"gtk2-debuginfo-2.24.33-10.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:gtk2-debuginfo-2.24.33-10.oe2403.x86_64", + "name":"gtk2-debuginfo-2.24.33-10.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"gtk2-debugsource-2.24.33-10.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:gtk2-debugsource-2.24.33-10.oe2403.x86_64", + "name":"gtk2-debugsource-2.24.33-10.oe2403.x86_64 as a component of 
openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"gtk2-devel-2.24.33-10.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:gtk2-devel-2.24.33-10.oe2403.x86_64", + "name":"gtk2-devel-2.24.33-10.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"gtk2-help-2.24.33-10.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:gtk2-help-2.24.33-10.oe2403.x86_64", + "name":"gtk2-help-2.24.33-10.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"gtk2-immodule-xim-2.24.33-10.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:gtk2-immodule-xim-2.24.33-10.oe2403.x86_64", + "name":"gtk2-immodule-xim-2.24.33-10.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"gtk2-2.24.33-9.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:gtk2-2.24.33-9.oe2203sp4.x86_64", + "name":"gtk2-2.24.33-9.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"gtk2-debuginfo-2.24.33-9.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:gtk2-debuginfo-2.24.33-9.oe2203sp4.x86_64", + "name":"gtk2-debuginfo-2.24.33-9.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + 
"product_reference":"gtk2-debugsource-2.24.33-9.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:gtk2-debugsource-2.24.33-9.oe2203sp4.x86_64", + "name":"gtk2-debugsource-2.24.33-9.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"gtk2-devel-2.24.33-9.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:gtk2-devel-2.24.33-9.oe2203sp4.x86_64", + "name":"gtk2-devel-2.24.33-9.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"gtk2-help-2.24.33-9.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:gtk2-help-2.24.33-9.oe2203sp4.x86_64", + "name":"gtk2-help-2.24.33-9.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"gtk2-immodule-xim-2.24.33-9.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:gtk2-immodule-xim-2.24.33-9.oe2203sp4.x86_64", + "name":"gtk2-immodule-xim-2.24.33-9.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"gtk2-2.24.33-9.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:gtk2-2.24.33-9.oe2203sp3.x86_64", + "name":"gtk2-2.24.33-9.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"gtk2-debuginfo-2.24.33-9.oe2203sp3.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP3:gtk2-debuginfo-2.24.33-9.oe2203sp3.x86_64", + "name":"gtk2-debuginfo-2.24.33-9.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"gtk2-debugsource-2.24.33-9.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:gtk2-debugsource-2.24.33-9.oe2203sp3.x86_64", + "name":"gtk2-debugsource-2.24.33-9.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"gtk2-devel-2.24.33-9.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:gtk2-devel-2.24.33-9.oe2203sp3.x86_64", + "name":"gtk2-devel-2.24.33-9.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"gtk2-help-2.24.33-9.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:gtk2-help-2.24.33-9.oe2203sp3.x86_64", + "name":"gtk2-help-2.24.33-9.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"gtk2-immodule-xim-2.24.33-9.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:gtk2-immodule-xim-2.24.33-9.oe2203sp3.x86_64", + "name":"gtk2-immodule-xim-2.24.33-9.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"gtk2-2.24.32-11.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:gtk2-2.24.32-11.oe2003sp4.aarch64", + 
"name":"gtk2-2.24.32-11.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"gtk2-debuginfo-2.24.32-11.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:gtk2-debuginfo-2.24.32-11.oe2003sp4.aarch64", + "name":"gtk2-debuginfo-2.24.32-11.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"gtk2-debugsource-2.24.32-11.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:gtk2-debugsource-2.24.32-11.oe2003sp4.aarch64", + "name":"gtk2-debugsource-2.24.32-11.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"gtk2-devel-2.24.32-11.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:gtk2-devel-2.24.32-11.oe2003sp4.aarch64", + "name":"gtk2-devel-2.24.32-11.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"gtk2-help-2.24.32-11.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:gtk2-help-2.24.32-11.oe2003sp4.aarch64", + "name":"gtk2-help-2.24.32-11.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"gtk2-immodule-xim-2.24.32-11.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:gtk2-immodule-xim-2.24.32-11.oe2003sp4.aarch64", + "name":"gtk2-immodule-xim-2.24.32-11.oe2003sp4.aarch64 as a component of 
openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"gtk2-2.24.33-9.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:gtk2-2.24.33-9.oe2203sp1.aarch64", + "name":"gtk2-2.24.33-9.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"gtk2-debuginfo-2.24.33-9.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:gtk2-debuginfo-2.24.33-9.oe2203sp1.aarch64", + "name":"gtk2-debuginfo-2.24.33-9.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"gtk2-debugsource-2.24.33-9.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:gtk2-debugsource-2.24.33-9.oe2203sp1.aarch64", + "name":"gtk2-debugsource-2.24.33-9.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"gtk2-devel-2.24.33-9.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:gtk2-devel-2.24.33-9.oe2203sp1.aarch64", + "name":"gtk2-devel-2.24.33-9.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"gtk2-help-2.24.33-9.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:gtk2-help-2.24.33-9.oe2203sp1.aarch64", + "name":"gtk2-help-2.24.33-9.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"gtk2-immodule-xim-2.24.33-9.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:gtk2-immodule-xim-2.24.33-9.oe2203sp1.aarch64", + "name":"gtk2-immodule-xim-2.24.33-9.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"gtk2-2.24.33-10.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:gtk2-2.24.33-10.oe2403.aarch64", + "name":"gtk2-2.24.33-10.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"gtk2-debuginfo-2.24.33-10.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:gtk2-debuginfo-2.24.33-10.oe2403.aarch64", + "name":"gtk2-debuginfo-2.24.33-10.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"gtk2-debugsource-2.24.33-10.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:gtk2-debugsource-2.24.33-10.oe2403.aarch64", + "name":"gtk2-debugsource-2.24.33-10.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"gtk2-devel-2.24.33-10.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:gtk2-devel-2.24.33-10.oe2403.aarch64", + "name":"gtk2-devel-2.24.33-10.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"gtk2-help-2.24.33-10.oe2403.aarch64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-24.03-LTS:gtk2-help-2.24.33-10.oe2403.aarch64", + "name":"gtk2-help-2.24.33-10.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"gtk2-immodule-xim-2.24.33-10.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:gtk2-immodule-xim-2.24.33-10.oe2403.aarch64", + "name":"gtk2-immodule-xim-2.24.33-10.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"gtk2-2.24.33-9.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:gtk2-2.24.33-9.oe2203sp4.aarch64", + "name":"gtk2-2.24.33-9.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"gtk2-debuginfo-2.24.33-9.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:gtk2-debuginfo-2.24.33-9.oe2203sp4.aarch64", + "name":"gtk2-debuginfo-2.24.33-9.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"gtk2-debugsource-2.24.33-9.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:gtk2-debugsource-2.24.33-9.oe2203sp4.aarch64", + "name":"gtk2-debugsource-2.24.33-9.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"gtk2-devel-2.24.33-9.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:gtk2-devel-2.24.33-9.oe2203sp4.aarch64", + 
"name":"gtk2-devel-2.24.33-9.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"gtk2-help-2.24.33-9.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:gtk2-help-2.24.33-9.oe2203sp4.aarch64", + "name":"gtk2-help-2.24.33-9.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"gtk2-immodule-xim-2.24.33-9.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:gtk2-immodule-xim-2.24.33-9.oe2203sp4.aarch64", + "name":"gtk2-immodule-xim-2.24.33-9.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"gtk2-2.24.33-9.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:gtk2-2.24.33-9.oe2203sp3.aarch64", + "name":"gtk2-2.24.33-9.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"gtk2-debuginfo-2.24.33-9.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:gtk2-debuginfo-2.24.33-9.oe2203sp3.aarch64", + "name":"gtk2-debuginfo-2.24.33-9.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"gtk2-debugsource-2.24.33-9.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:gtk2-debugsource-2.24.33-9.oe2203sp3.aarch64", + "name":"gtk2-debugsource-2.24.33-9.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, 
+ "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"gtk2-devel-2.24.33-9.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:gtk2-devel-2.24.33-9.oe2203sp3.aarch64", + "name":"gtk2-devel-2.24.33-9.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"gtk2-help-2.24.33-9.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:gtk2-help-2.24.33-9.oe2203sp3.aarch64", + "name":"gtk2-help-2.24.33-9.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"gtk2-immodule-xim-2.24.33-9.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:gtk2-immodule-xim-2.24.33-9.oe2203sp3.aarch64", + "name":"gtk2-immodule-xim-2.24.33-9.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-6655", + "notes":[ + { + "text":"A flaw was found in the GTK library. 
Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:gtk2-2.24.32-11.oe2003sp4.src", + "openEuler-22.03-LTS-SP1:gtk2-2.24.33-9.oe2203sp1.src", + "openEuler-24.03-LTS:gtk2-2.24.33-10.oe2403.src", + "openEuler-22.03-LTS-SP4:gtk2-2.24.33-9.oe2203sp4.src", + "openEuler-22.03-LTS-SP3:gtk2-2.24.33-9.oe2203sp3.src", + "openEuler-20.03-LTS-SP4:gtk2-2.24.32-11.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:gtk2-debuginfo-2.24.32-11.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:gtk2-debugsource-2.24.32-11.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:gtk2-devel-2.24.32-11.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:gtk2-help-2.24.32-11.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:gtk2-immodule-xim-2.24.32-11.oe2003sp4.x86_64", + "openEuler-22.03-LTS-SP1:gtk2-2.24.33-9.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk2-debuginfo-2.24.33-9.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk2-debugsource-2.24.33-9.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk2-devel-2.24.33-9.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk2-help-2.24.33-9.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk2-immodule-xim-2.24.33-9.oe2203sp1.x86_64", + "openEuler-24.03-LTS:gtk2-2.24.33-10.oe2403.x86_64", + "openEuler-24.03-LTS:gtk2-debuginfo-2.24.33-10.oe2403.x86_64", + "openEuler-24.03-LTS:gtk2-debugsource-2.24.33-10.oe2403.x86_64", + "openEuler-24.03-LTS:gtk2-devel-2.24.33-10.oe2403.x86_64", + "openEuler-24.03-LTS:gtk2-help-2.24.33-10.oe2403.x86_64", + "openEuler-24.03-LTS:gtk2-immodule-xim-2.24.33-10.oe2403.x86_64", + "openEuler-22.03-LTS-SP4:gtk2-2.24.33-9.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk2-debuginfo-2.24.33-9.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk2-debugsource-2.24.33-9.oe2203sp4.x86_64", + 
"openEuler-22.03-LTS-SP4:gtk2-devel-2.24.33-9.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk2-help-2.24.33-9.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk2-immodule-xim-2.24.33-9.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP3:gtk2-2.24.33-9.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk2-debuginfo-2.24.33-9.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk2-debugsource-2.24.33-9.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk2-devel-2.24.33-9.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk2-help-2.24.33-9.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk2-immodule-xim-2.24.33-9.oe2203sp3.x86_64", + "openEuler-20.03-LTS-SP4:gtk2-2.24.32-11.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk2-debuginfo-2.24.32-11.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk2-debugsource-2.24.32-11.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk2-devel-2.24.32-11.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk2-help-2.24.32-11.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk2-immodule-xim-2.24.32-11.oe2003sp4.aarch64", + "openEuler-22.03-LTS-SP1:gtk2-2.24.33-9.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk2-debuginfo-2.24.33-9.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk2-debugsource-2.24.33-9.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk2-devel-2.24.33-9.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk2-help-2.24.33-9.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk2-immodule-xim-2.24.33-9.oe2203sp1.aarch64", + "openEuler-24.03-LTS:gtk2-2.24.33-10.oe2403.aarch64", + "openEuler-24.03-LTS:gtk2-debuginfo-2.24.33-10.oe2403.aarch64", + "openEuler-24.03-LTS:gtk2-debugsource-2.24.33-10.oe2403.aarch64", + "openEuler-24.03-LTS:gtk2-devel-2.24.33-10.oe2403.aarch64", + "openEuler-24.03-LTS:gtk2-help-2.24.33-10.oe2403.aarch64", + "openEuler-24.03-LTS:gtk2-immodule-xim-2.24.33-10.oe2403.aarch64", + "openEuler-22.03-LTS-SP4:gtk2-2.24.33-9.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk2-debuginfo-2.24.33-9.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:gtk2-debugsource-2.24.33-9.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk2-devel-2.24.33-9.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk2-help-2.24.33-9.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk2-immodule-xim-2.24.33-9.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP3:gtk2-2.24.33-9.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk2-debuginfo-2.24.33-9.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk2-debugsource-2.24.33-9.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk2-devel-2.24.33-9.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk2-help-2.24.33-9.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk2-immodule-xim-2.24.33-9.oe2203sp3.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:gtk2-2.24.32-11.oe2003sp4.src", + "openEuler-22.03-LTS-SP1:gtk2-2.24.33-9.oe2203sp1.src", + "openEuler-24.03-LTS:gtk2-2.24.33-10.oe2403.src", + "openEuler-22.03-LTS-SP4:gtk2-2.24.33-9.oe2203sp4.src", + "openEuler-22.03-LTS-SP3:gtk2-2.24.33-9.oe2203sp3.src", + "openEuler-20.03-LTS-SP4:gtk2-2.24.32-11.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:gtk2-debuginfo-2.24.32-11.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:gtk2-debugsource-2.24.32-11.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:gtk2-devel-2.24.32-11.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:gtk2-help-2.24.32-11.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:gtk2-immodule-xim-2.24.32-11.oe2003sp4.x86_64", + "openEuler-22.03-LTS-SP1:gtk2-2.24.33-9.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk2-debuginfo-2.24.33-9.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk2-debugsource-2.24.33-9.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk2-devel-2.24.33-9.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk2-help-2.24.33-9.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk2-immodule-xim-2.24.33-9.oe2203sp1.x86_64", + "openEuler-24.03-LTS:gtk2-2.24.33-10.oe2403.x86_64", + "openEuler-24.03-LTS:gtk2-debuginfo-2.24.33-10.oe2403.x86_64", + 
"openEuler-24.03-LTS:gtk2-debugsource-2.24.33-10.oe2403.x86_64", + "openEuler-24.03-LTS:gtk2-devel-2.24.33-10.oe2403.x86_64", + "openEuler-24.03-LTS:gtk2-help-2.24.33-10.oe2403.x86_64", + "openEuler-24.03-LTS:gtk2-immodule-xim-2.24.33-10.oe2403.x86_64", + "openEuler-22.03-LTS-SP4:gtk2-2.24.33-9.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk2-debuginfo-2.24.33-9.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk2-debugsource-2.24.33-9.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk2-devel-2.24.33-9.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk2-help-2.24.33-9.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk2-immodule-xim-2.24.33-9.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP3:gtk2-2.24.33-9.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk2-debuginfo-2.24.33-9.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk2-debugsource-2.24.33-9.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk2-devel-2.24.33-9.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk2-help-2.24.33-9.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk2-immodule-xim-2.24.33-9.oe2203sp3.x86_64", + "openEuler-20.03-LTS-SP4:gtk2-2.24.32-11.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk2-debuginfo-2.24.32-11.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk2-debugsource-2.24.32-11.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk2-devel-2.24.32-11.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk2-help-2.24.32-11.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk2-immodule-xim-2.24.32-11.oe2003sp4.aarch64", + "openEuler-22.03-LTS-SP1:gtk2-2.24.33-9.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk2-debuginfo-2.24.33-9.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk2-debugsource-2.24.33-9.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk2-devel-2.24.33-9.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk2-help-2.24.33-9.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk2-immodule-xim-2.24.33-9.oe2203sp1.aarch64", + "openEuler-24.03-LTS:gtk2-2.24.33-10.oe2403.aarch64", + 
"openEuler-24.03-LTS:gtk2-debuginfo-2.24.33-10.oe2403.aarch64", + "openEuler-24.03-LTS:gtk2-debugsource-2.24.33-10.oe2403.aarch64", + "openEuler-24.03-LTS:gtk2-devel-2.24.33-10.oe2403.aarch64", + "openEuler-24.03-LTS:gtk2-help-2.24.33-10.oe2403.aarch64", + "openEuler-24.03-LTS:gtk2-immodule-xim-2.24.33-10.oe2403.aarch64", + "openEuler-22.03-LTS-SP4:gtk2-2.24.33-9.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk2-debuginfo-2.24.33-9.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk2-debugsource-2.24.33-9.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk2-devel-2.24.33-9.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk2-help-2.24.33-9.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk2-immodule-xim-2.24.33-9.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP3:gtk2-2.24.33-9.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk2-debuginfo-2.24.33-9.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk2-debugsource-2.24.33-9.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk2-devel-2.24.33-9.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk2-help-2.24.33-9.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk2-immodule-xim-2.24.33-9.oe2203sp3.aarch64" + ], + "details":"gtk2 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1886" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.0, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:gtk2-2.24.32-11.oe2003sp4.src", + "openEuler-22.03-LTS-SP1:gtk2-2.24.33-9.oe2203sp1.src", + "openEuler-24.03-LTS:gtk2-2.24.33-10.oe2403.src", + "openEuler-22.03-LTS-SP4:gtk2-2.24.33-9.oe2203sp4.src", + "openEuler-22.03-LTS-SP3:gtk2-2.24.33-9.oe2203sp3.src", + "openEuler-20.03-LTS-SP4:gtk2-2.24.32-11.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:gtk2-debuginfo-2.24.32-11.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:gtk2-debugsource-2.24.32-11.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:gtk2-devel-2.24.32-11.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:gtk2-help-2.24.32-11.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:gtk2-immodule-xim-2.24.32-11.oe2003sp4.x86_64", + "openEuler-22.03-LTS-SP1:gtk2-2.24.33-9.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk2-debuginfo-2.24.33-9.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk2-debugsource-2.24.33-9.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk2-devel-2.24.33-9.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk2-help-2.24.33-9.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk2-immodule-xim-2.24.33-9.oe2203sp1.x86_64", + "openEuler-24.03-LTS:gtk2-2.24.33-10.oe2403.x86_64", + "openEuler-24.03-LTS:gtk2-debuginfo-2.24.33-10.oe2403.x86_64", + "openEuler-24.03-LTS:gtk2-debugsource-2.24.33-10.oe2403.x86_64", + "openEuler-24.03-LTS:gtk2-devel-2.24.33-10.oe2403.x86_64", + "openEuler-24.03-LTS:gtk2-help-2.24.33-10.oe2403.x86_64", + "openEuler-24.03-LTS:gtk2-immodule-xim-2.24.33-10.oe2403.x86_64", + "openEuler-22.03-LTS-SP4:gtk2-2.24.33-9.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk2-debuginfo-2.24.33-9.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk2-debugsource-2.24.33-9.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk2-devel-2.24.33-9.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk2-help-2.24.33-9.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk2-immodule-xim-2.24.33-9.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP3:gtk2-2.24.33-9.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk2-debuginfo-2.24.33-9.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk2-debugsource-2.24.33-9.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk2-devel-2.24.33-9.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk2-help-2.24.33-9.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk2-immodule-xim-2.24.33-9.oe2203sp3.x86_64", + "openEuler-20.03-LTS-SP4:gtk2-2.24.32-11.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:gtk2-debuginfo-2.24.32-11.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk2-debugsource-2.24.32-11.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk2-devel-2.24.32-11.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk2-help-2.24.32-11.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk2-immodule-xim-2.24.32-11.oe2003sp4.aarch64", + "openEuler-22.03-LTS-SP1:gtk2-2.24.33-9.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk2-debuginfo-2.24.33-9.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk2-debugsource-2.24.33-9.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk2-devel-2.24.33-9.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk2-help-2.24.33-9.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk2-immodule-xim-2.24.33-9.oe2203sp1.aarch64", + "openEuler-24.03-LTS:gtk2-2.24.33-10.oe2403.aarch64", + "openEuler-24.03-LTS:gtk2-debuginfo-2.24.33-10.oe2403.aarch64", + "openEuler-24.03-LTS:gtk2-debugsource-2.24.33-10.oe2403.aarch64", + "openEuler-24.03-LTS:gtk2-devel-2.24.33-10.oe2403.aarch64", + "openEuler-24.03-LTS:gtk2-help-2.24.33-10.oe2403.aarch64", + "openEuler-24.03-LTS:gtk2-immodule-xim-2.24.33-10.oe2403.aarch64", + "openEuler-22.03-LTS-SP4:gtk2-2.24.33-9.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk2-debuginfo-2.24.33-9.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk2-debugsource-2.24.33-9.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk2-devel-2.24.33-9.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk2-help-2.24.33-9.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk2-immodule-xim-2.24.33-9.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP3:gtk2-2.24.33-9.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk2-debuginfo-2.24.33-9.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk2-debugsource-2.24.33-9.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk2-devel-2.24.33-9.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk2-help-2.24.33-9.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk2-immodule-xim-2.24.33-9.oe2203sp3.aarch64" + ] + 
} + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2024-6655" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1887.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1887.json new file mode 100644 index 0000000..6f4812b --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1887.json 
@@ -0,0 +1,253 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"python-zipp security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for python-zipp is now available for openEuler-24.03-LTS", + "category":"general", + "title":"Summary" + }, + { + "text":"A pathlib-compatible Zipfile object wrapper. A backport of the Path object.\n\nSecurity Fix(es):\n\nA Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.(CVE-2024-5569)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for python-zipp is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of medium. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"python-zipp", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1887", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1887" + }, + { + "summary":"CVE-2024-5569", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-5569&packageName=python-zipp" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-5569" + }, + { + "summary":"openEuler-SA-2024-1887 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1887.json" + } + ], + "title":"An update for python-zipp is now available for openEuler-24.03-LTS", + "tracking":{ + "initial_release_date":"2024-07-26T20:58:31+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:58:31+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:58:31+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-26T20:58:31+08:00", + "id":"openEuler-SA-2024-1887", + "version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openEuler-24.03-LTS", + "name":"openEuler-24.03-LTS" + }, + "name":"openEuler-24.03-LTS", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python-zipp-3.17.0-2.oe2403.src.rpm", + "name":"python-zipp-3.17.0-2.oe2403.src.rpm" + }, + "name":"python-zipp-3.17.0-2.oe2403.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"noarch", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python-zipp-help-3.17.0-2.oe2403.noarch.rpm", + "name":"python-zipp-help-3.17.0-2.oe2403.noarch.rpm" + }, + "name":"python-zipp-help-3.17.0-2.oe2403.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-zipp-3.17.0-2.oe2403.noarch.rpm", + "name":"python3-zipp-3.17.0-2.oe2403.noarch.rpm" + }, + "name":"python3-zipp-3.17.0-2.oe2403.noarch.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python-zipp-3.17.0-2.oe2403.src.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python-zipp-3.17.0-2.oe2403.src", + "name":"python-zipp-3.17.0-2.oe2403.src as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python-zipp-help-3.17.0-2.oe2403.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python-zipp-help-3.17.0-2.oe2403.noarch", + "name":"python-zipp-help-3.17.0-2.oe2403.noarch as a component of openEuler-24.03-LTS" + }, 
+ "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-zipp-3.17.0-2.oe2403.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-zipp-3.17.0-2.oe2403.noarch", + "name":"python3-zipp-3.17.0-2.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-5569", + "notes":[ + { + "text":"A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. 
The vulnerability was addressed in version 3.19.1 of jaraco/zipp.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:python-zipp-3.17.0-2.oe2403.src", + "openEuler-24.03-LTS:python-zipp-help-3.17.0-2.oe2403.noarch", + "openEuler-24.03-LTS:python3-zipp-3.17.0-2.oe2403.noarch" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:python-zipp-3.17.0-2.oe2403.src", + "openEuler-24.03-LTS:python-zipp-help-3.17.0-2.oe2403.noarch", + "openEuler-24.03-LTS:python3-zipp-3.17.0-2.oe2403.noarch" + ], + "details":"python-zipp security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1887" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.2, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:python-zipp-3.17.0-2.oe2403.src", + "openEuler-24.03-LTS:python-zipp-help-3.17.0-2.oe2403.noarch", + "openEuler-24.03-LTS:python3-zipp-3.17.0-2.oe2403.noarch" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-5569" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1888.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1888.json new file mode 100644 index 0000000..5a8f02a --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1888.json 
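Review bot: The `distribution.tlp.url` value near the top of this new advisory is `https:/www.first.org/tlp/`, with a single slash after the scheme, so a URI parser reads it as a path with no host and the link to the TLP definition does not resolve. It should read `"url":"https://www.first.org/tlp/"`. The same value appears in the 1888 and 1889 advisories added by this patch. All of them name `openEuler CSAF Tool V1.0` as generator, so the fix presumably belongs in the generator template rather than in each file.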
@@ -0,0 +1,253 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"python-zipp security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for python-zipp is now available for openEuler-22.03-LTS-SP4", + "category":"general", + "title":"Summary" + }, + { + "text":"A pathlib-compatible Zipfile object wrapper. A backport of the Path object.\n\nSecurity Fix(es):\n\nA Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.(CVE-2024-5569)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for python-zipp is now available for openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of medium. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"python-zipp", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1888", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1888" + }, + { + "summary":"CVE-2024-5569", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-5569&packageName=python-zipp" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-5569" + }, + { + "summary":"openEuler-SA-2024-1888 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1888.json" + } + ], + "title":"An update for python-zipp is now available for openEuler-22.03-LTS-SP4", + "tracking":{ + "initial_release_date":"2024-07-26T20:58:32+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:58:32+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:58:32+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-26T20:58:32+08:00", + "id":"openEuler-SA-2024-1888", + "version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"openEuler-22.03-LTS-SP4", + "name":"openEuler-22.03-LTS-SP4" + }, + "name":"openEuler-22.03-LTS-SP4", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"python-zipp-3.7.0-3.oe2203sp4.src.rpm", + "name":"python-zipp-3.7.0-3.oe2203sp4.src.rpm" + }, + "name":"python-zipp-3.7.0-3.oe2203sp4.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"noarch", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"python-zipp-help-3.7.0-3.oe2203sp4.noarch.rpm", + "name":"python-zipp-help-3.7.0-3.oe2203sp4.noarch.rpm" + }, + "name":"python-zipp-help-3.7.0-3.oe2203sp4.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"python3-zipp-3.7.0-3.oe2203sp4.noarch.rpm", + "name":"python3-zipp-3.7.0-3.oe2203sp4.noarch.rpm" + }, + "name":"python3-zipp-3.7.0-3.oe2203sp4.noarch.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"python-zipp-3.7.0-3.oe2203sp4.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:python-zipp-3.7.0-3.oe2203sp4.src", + "name":"python-zipp-3.7.0-3.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"python-zipp-help-3.7.0-3.oe2203sp4.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:python-zipp-help-3.7.0-3.oe2203sp4.noarch", + 
"name":"python-zipp-help-3.7.0-3.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"python3-zipp-3.7.0-3.oe2203sp4.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:python3-zipp-3.7.0-3.oe2203sp4.noarch", + "name":"python3-zipp-3.7.0-3.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-5569", + "notes":[ + { + "text":"A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. 
The vulnerability was addressed in version 3.19.1 of jaraco/zipp.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:python-zipp-3.7.0-3.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:python-zipp-help-3.7.0-3.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP4:python3-zipp-3.7.0-3.oe2203sp4.noarch" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:python-zipp-3.7.0-3.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:python-zipp-help-3.7.0-3.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP4:python3-zipp-3.7.0-3.oe2203sp4.noarch" + ], + "details":"python-zipp security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1888" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.2, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:python-zipp-3.7.0-3.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:python-zipp-help-3.7.0-3.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP4:python3-zipp-3.7.0-3.oe2203sp4.noarch" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-5569" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1889.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1889.json new file mode 100644 index 0000000..a4d17a3 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1889.json 
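Review bot: The package entries under the `src` and `noarch` branches carry the distribution's CPE, `cpe:/a:openEuler:openEuler:22.03-LTS-SP4`, as their `product_identification_helper`, which is the same value given to the `openEuler-22.03-LTS-SP4` product itself. A consumer that matches on CPE cannot tell the python-zipp packages apart from the OS release, so the `fixed` status can be attributed to the wrong product. Either drop the helper from the package entries or give each one a package-level identifier (CSAF allows a `purl` there). The 1887 advisory shows the same pattern with the 24.03-LTS CPE.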
@@ -0,0 +1,253 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"python-zipp security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for python-zipp is now available for openEuler-22.03-LTS-SP3", + "category":"general", + "title":"Summary" + }, + { + "text":"A pathlib-compatible Zipfile object wrapper. A backport of the Path object.\n\nSecurity Fix(es):\n\nA Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.(CVE-2024-5569)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for python-zipp is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of medium. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"python-zipp", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1889", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1889" + }, + { + "summary":"CVE-2024-5569", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-5569&packageName=python-zipp" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-5569" + }, + { + "summary":"openEuler-SA-2024-1889 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1889.json" + } + ], + "title":"An update for python-zipp is now available for openEuler-22.03-LTS-SP3", + "tracking":{ + "initial_release_date":"2024-07-26T20:58:33+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:58:33+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:58:33+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-26T20:58:33+08:00", + "id":"openEuler-SA-2024-1889", + "version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openEuler-22.03-LTS-SP3", + "name":"openEuler-22.03-LTS-SP3" + }, + "name":"openEuler-22.03-LTS-SP3", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"python-zipp-3.7.0-3.oe2203sp3.src.rpm", + "name":"python-zipp-3.7.0-3.oe2203sp3.src.rpm" + }, + "name":"python-zipp-3.7.0-3.oe2203sp3.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"noarch", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"python-zipp-help-3.7.0-3.oe2203sp3.noarch.rpm", + "name":"python-zipp-help-3.7.0-3.oe2203sp3.noarch.rpm" + }, + "name":"python-zipp-help-3.7.0-3.oe2203sp3.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"python3-zipp-3.7.0-3.oe2203sp3.noarch.rpm", + "name":"python3-zipp-3.7.0-3.oe2203sp3.noarch.rpm" + }, + "name":"python3-zipp-3.7.0-3.oe2203sp3.noarch.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"python-zipp-3.7.0-3.oe2203sp3.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:python-zipp-3.7.0-3.oe2203sp3.src", + "name":"python-zipp-3.7.0-3.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"python-zipp-help-3.7.0-3.oe2203sp3.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:python-zipp-help-3.7.0-3.oe2203sp3.noarch", + 
"name":"python-zipp-help-3.7.0-3.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"python3-zipp-3.7.0-3.oe2203sp3.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:python3-zipp-3.7.0-3.oe2203sp3.noarch", + "name":"python3-zipp-3.7.0-3.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-5569", + "notes":[ + { + "text":"A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. 
The vulnerability was addressed in version 3.19.1 of jaraco/zipp.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:python-zipp-3.7.0-3.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:python-zipp-help-3.7.0-3.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:python3-zipp-3.7.0-3.oe2203sp3.noarch" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:python-zipp-3.7.0-3.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:python-zipp-help-3.7.0-3.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:python3-zipp-3.7.0-3.oe2203sp3.noarch" + ], + "details":"python-zipp security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1889" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.2, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:python-zipp-3.7.0-3.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:python-zipp-help-3.7.0-3.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:python3-zipp-3.7.0-3.oe2203sp3.noarch" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-5569" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1890.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1890.json new file mode 100644 index 0000000..7965fe3 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1890.json 
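Review bot: The `distribution.tlp.url` value in this new file is `https:/www.first.org/tlp/`, with a single slash after the scheme, so it parses as a URI with no host and a consumer that follows or compares the TLP link will not reach the FIRST definition. It should read `"url":"https://www.first.org/tlp/"`. The same string appears in the csaf-openEuler-SA-2024-1890.json hunk and at the top of the csaf-openEuler-SA-2024-1891.json hunk. That repetition suggests the value comes from the template of the tool named in `tracking.generator` rather than from a one-off typo, so correcting it there would presumably fix every advisory in the series.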
@@ -0,0 +1,253 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"python-zipp security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for python-zipp is now available for openEuler-22.03-LTS-SP1", + "category":"general", + "title":"Summary" + }, + { + "text":"A pathlib-compatible Zipfile object wrapper. A backport of the Path object.\n\nSecurity Fix(es):\n\nA Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.(CVE-2024-5569)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for python-zipp is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of medium. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"python-zipp", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1890", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1890" + }, + { + "summary":"CVE-2024-5569", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-5569&packageName=python-zipp" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-5569" + }, + { + "summary":"openEuler-SA-2024-1890 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1890.json" + } + ], + "title":"An update for python-zipp is now available for openEuler-22.03-LTS-SP1", + "tracking":{ + "initial_release_date":"2024-07-26T20:58:34+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:58:34+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:58:34+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-26T20:58:34+08:00", + "id":"openEuler-SA-2024-1890", + "version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"openEuler-22.03-LTS-SP1", + "name":"openEuler-22.03-LTS-SP1" + }, + "name":"openEuler-22.03-LTS-SP1", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"python-zipp-3.7.0-3.oe2203sp1.src.rpm", + "name":"python-zipp-3.7.0-3.oe2203sp1.src.rpm" + }, + "name":"python-zipp-3.7.0-3.oe2203sp1.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"noarch", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"python-zipp-help-3.7.0-3.oe2203sp1.noarch.rpm", + "name":"python-zipp-help-3.7.0-3.oe2203sp1.noarch.rpm" + }, + "name":"python-zipp-help-3.7.0-3.oe2203sp1.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"python3-zipp-3.7.0-3.oe2203sp1.noarch.rpm", + "name":"python3-zipp-3.7.0-3.oe2203sp1.noarch.rpm" + }, + "name":"python3-zipp-3.7.0-3.oe2203sp1.noarch.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"python-zipp-3.7.0-3.oe2203sp1.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:python-zipp-3.7.0-3.oe2203sp1.src", + "name":"python-zipp-3.7.0-3.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"python-zipp-help-3.7.0-3.oe2203sp1.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:python-zipp-help-3.7.0-3.oe2203sp1.noarch", + 
"name":"python-zipp-help-3.7.0-3.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"python3-zipp-3.7.0-3.oe2203sp1.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:python3-zipp-3.7.0-3.oe2203sp1.noarch", + "name":"python3-zipp-3.7.0-3.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-5569", + "notes":[ + { + "text":"A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. 
The vulnerability was addressed in version 3.19.1 of jaraco/zipp.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python-zipp-3.7.0-3.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python-zipp-help-3.7.0-3.oe2203sp1.noarch", + "openEuler-22.03-LTS-SP1:python3-zipp-3.7.0-3.oe2203sp1.noarch" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python-zipp-3.7.0-3.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python-zipp-help-3.7.0-3.oe2203sp1.noarch", + "openEuler-22.03-LTS-SP1:python3-zipp-3.7.0-3.oe2203sp1.noarch" + ], + "details":"python-zipp security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1890" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.2, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python-zipp-3.7.0-3.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python-zipp-help-3.7.0-3.oe2203sp1.noarch", + "openEuler-22.03-LTS-SP1:python3-zipp-3.7.0-3.oe2203sp1.noarch" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-5569" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1891.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1891.json new file mode 100644 index 0000000..7e1274a --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1891.json 
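Review bot: Every `product_identification_helper.cpe` under `product_tree` in this file is the distribution's CPE `cpe:/a:openEuler:openEuler:22.03-LTS-SP1`, including the branches whose `product_id` is a package such as `python3-zipp-3.7.0-3.oe2203sp1.noarch.rpm`. Four different products sharing one identifier means tooling that matches assets by CPE cannot tell the fixed package from the OS release, which weakens the `fixed` status this VEX document is supposed to convey. Consider omitting the helper on the package branches or giving each a package-level identifier such as a `purl`, and confirm whether the `a` (application) part is intended for an operating-system release. The csaf-openEuler-SA-2024-1889.json hunk has the same pattern with the SP3 CPE, and the visible part of the 1891 hunk repeats it for the mongo-c-driver packages.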
@@ -0,0 +1,1959 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"mongo-c-driver security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for mongo-c-driver is now available for openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS", + "category":"general", + "title":"Summary" + }, + { + "text":"mongo-c-driver is a project that includes two libraries: libmongoc, a client library written in C for MongoDB. libbson, a library providing useful routines related to building, parsing, and iterating BSON documents.\n\nSecurity Fix(es):\n\nThe bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2(CVE-2024-6381)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for mongo-c-driver is now available for openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of medium. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"mongo-c-driver", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1891", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1891" + }, + { + "summary":"CVE-2024-6381", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-6381&packageName=mongo-c-driver" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6381" + }, + { + "summary":"openEuler-SA-2024-1891 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1891.json" + } + ], + "title":"An update for mongo-c-driver is now available for openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS", + "tracking":{ + "initial_release_date":"2024-07-26T20:58:36+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:58:36+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:58:36+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-26T20:58:36+08:00", + "id":"openEuler-SA-2024-1891", + "version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + 
"name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"openEuler-22.03-LTS-SP4", + "name":"openEuler-22.03-LTS-SP4" + }, + "name":"openEuler-22.03-LTS-SP4", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openEuler-22.03-LTS-SP3", + "name":"openEuler-22.03-LTS-SP3" + }, + "name":"openEuler-22.03-LTS-SP3", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"openEuler-20.03-LTS-SP4", + "name":"openEuler-20.03-LTS-SP4" + }, + "name":"openEuler-20.03-LTS-SP4", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"openEuler-22.03-LTS-SP1", + "name":"openEuler-22.03-LTS-SP1" + }, + "name":"openEuler-22.03-LTS-SP1", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openEuler-24.03-LTS", + "name":"openEuler-24.03-LTS" + }, + "name":"openEuler-24.03-LTS", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mongo-c-driver-1.27.4-1.oe2203sp4.src.rpm", + "name":"mongo-c-driver-1.27.4-1.oe2203sp4.src.rpm" + }, + "name":"mongo-c-driver-1.27.4-1.oe2203sp4.src.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mongo-c-driver-1.27.4-1.oe2203sp3.src.rpm", + "name":"mongo-c-driver-1.27.4-1.oe2203sp3.src.rpm" + }, + 
"name":"mongo-c-driver-1.27.4-1.oe2203sp3.src.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"mongo-c-driver-1.27.4-1.oe2003sp4.src.rpm", + "name":"mongo-c-driver-1.27.4-1.oe2003sp4.src.rpm" + }, + "name":"mongo-c-driver-1.27.4-1.oe2003sp4.src.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mongo-c-driver-1.27.4-1.oe2203sp1.src.rpm", + "name":"mongo-c-driver-1.27.4-1.oe2203sp1.src.rpm" + }, + "name":"mongo-c-driver-1.27.4-1.oe2203sp1.src.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mongo-c-driver-1.27.4-1.oe2403.src.rpm", + "name":"mongo-c-driver-1.27.4-1.oe2403.src.rpm" + }, + "name":"mongo-c-driver-1.27.4-1.oe2403.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"libbson-1.27.4-1.oe2203sp4.aarch64.rpm", + "name":"libbson-1.27.4-1.oe2203sp4.aarch64.rpm" + }, + "name":"libbson-1.27.4-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"libbson-devel-1.27.4-1.oe2203sp4.aarch64.rpm", + "name":"libbson-devel-1.27.4-1.oe2203sp4.aarch64.rpm" + }, + "name":"libbson-devel-1.27.4-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mongo-c-driver-1.27.4-1.oe2203sp4.aarch64.rpm", + "name":"mongo-c-driver-1.27.4-1.oe2203sp4.aarch64.rpm" + }, + 
"name":"mongo-c-driver-1.27.4-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp4.aarch64.rpm", + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp4.aarch64.rpm" + }, + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp4.aarch64.rpm", + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp4.aarch64.rpm" + }, + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mongo-c-driver-devel-1.27.4-1.oe2203sp4.aarch64.rpm", + "name":"mongo-c-driver-devel-1.27.4-1.oe2203sp4.aarch64.rpm" + }, + "name":"mongo-c-driver-devel-1.27.4-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mongo-c-driver-help-1.27.4-1.oe2203sp4.aarch64.rpm", + "name":"mongo-c-driver-help-1.27.4-1.oe2203sp4.aarch64.rpm" + }, + "name":"mongo-c-driver-help-1.27.4-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"libbson-1.27.4-1.oe2203sp3.aarch64.rpm", + "name":"libbson-1.27.4-1.oe2203sp3.aarch64.rpm" + }, + "name":"libbson-1.27.4-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"libbson-devel-1.27.4-1.oe2203sp3.aarch64.rpm", + 
"name":"libbson-devel-1.27.4-1.oe2203sp3.aarch64.rpm" + }, + "name":"libbson-devel-1.27.4-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mongo-c-driver-1.27.4-1.oe2203sp3.aarch64.rpm", + "name":"mongo-c-driver-1.27.4-1.oe2203sp3.aarch64.rpm" + }, + "name":"mongo-c-driver-1.27.4-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp3.aarch64.rpm", + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp3.aarch64.rpm" + }, + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp3.aarch64.rpm", + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp3.aarch64.rpm" + }, + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mongo-c-driver-devel-1.27.4-1.oe2203sp3.aarch64.rpm", + "name":"mongo-c-driver-devel-1.27.4-1.oe2203sp3.aarch64.rpm" + }, + "name":"mongo-c-driver-devel-1.27.4-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mongo-c-driver-help-1.27.4-1.oe2203sp3.aarch64.rpm", + "name":"mongo-c-driver-help-1.27.4-1.oe2203sp3.aarch64.rpm" + }, + "name":"mongo-c-driver-help-1.27.4-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"libbson-1.27.4-1.oe2003sp4.aarch64.rpm", + "name":"libbson-1.27.4-1.oe2003sp4.aarch64.rpm" + }, + "name":"libbson-1.27.4-1.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"libbson-devel-1.27.4-1.oe2003sp4.aarch64.rpm", + "name":"libbson-devel-1.27.4-1.oe2003sp4.aarch64.rpm" + }, + "name":"libbson-devel-1.27.4-1.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"mongo-c-driver-1.27.4-1.oe2003sp4.aarch64.rpm", + "name":"mongo-c-driver-1.27.4-1.oe2003sp4.aarch64.rpm" + }, + "name":"mongo-c-driver-1.27.4-1.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"mongo-c-driver-debuginfo-1.27.4-1.oe2003sp4.aarch64.rpm", + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2003sp4.aarch64.rpm" + }, + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"mongo-c-driver-debugsource-1.27.4-1.oe2003sp4.aarch64.rpm", + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2003sp4.aarch64.rpm" + }, + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"mongo-c-driver-devel-1.27.4-1.oe2003sp4.aarch64.rpm", + "name":"mongo-c-driver-devel-1.27.4-1.oe2003sp4.aarch64.rpm" + }, + "name":"mongo-c-driver-devel-1.27.4-1.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + 
"product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"mongo-c-driver-help-1.27.4-1.oe2003sp4.aarch64.rpm", + "name":"mongo-c-driver-help-1.27.4-1.oe2003sp4.aarch64.rpm" + }, + "name":"mongo-c-driver-help-1.27.4-1.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"libbson-1.27.4-1.oe2203sp1.aarch64.rpm", + "name":"libbson-1.27.4-1.oe2203sp1.aarch64.rpm" + }, + "name":"libbson-1.27.4-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"libbson-devel-1.27.4-1.oe2203sp1.aarch64.rpm", + "name":"libbson-devel-1.27.4-1.oe2203sp1.aarch64.rpm" + }, + "name":"libbson-devel-1.27.4-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mongo-c-driver-1.27.4-1.oe2203sp1.aarch64.rpm", + "name":"mongo-c-driver-1.27.4-1.oe2203sp1.aarch64.rpm" + }, + "name":"mongo-c-driver-1.27.4-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp1.aarch64.rpm", + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp1.aarch64.rpm" + }, + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp1.aarch64.rpm", + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp1.aarch64.rpm" + }, + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp1.aarch64.rpm", + 
"category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mongo-c-driver-devel-1.27.4-1.oe2203sp1.aarch64.rpm", + "name":"mongo-c-driver-devel-1.27.4-1.oe2203sp1.aarch64.rpm" + }, + "name":"mongo-c-driver-devel-1.27.4-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mongo-c-driver-help-1.27.4-1.oe2203sp1.aarch64.rpm", + "name":"mongo-c-driver-help-1.27.4-1.oe2203sp1.aarch64.rpm" + }, + "name":"mongo-c-driver-help-1.27.4-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"libbson-1.27.4-1.oe2403.aarch64.rpm", + "name":"libbson-1.27.4-1.oe2403.aarch64.rpm" + }, + "name":"libbson-1.27.4-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"libbson-devel-1.27.4-1.oe2403.aarch64.rpm", + "name":"libbson-devel-1.27.4-1.oe2403.aarch64.rpm" + }, + "name":"libbson-devel-1.27.4-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mongo-c-driver-1.27.4-1.oe2403.aarch64.rpm", + "name":"mongo-c-driver-1.27.4-1.oe2403.aarch64.rpm" + }, + "name":"mongo-c-driver-1.27.4-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mongo-c-driver-debuginfo-1.27.4-1.oe2403.aarch64.rpm", + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2403.aarch64.rpm" + }, + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2403.aarch64.rpm", + "category":"product_version" + 
}, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mongo-c-driver-debugsource-1.27.4-1.oe2403.aarch64.rpm", + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2403.aarch64.rpm" + }, + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mongo-c-driver-devel-1.27.4-1.oe2403.aarch64.rpm", + "name":"mongo-c-driver-devel-1.27.4-1.oe2403.aarch64.rpm" + }, + "name":"mongo-c-driver-devel-1.27.4-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mongo-c-driver-help-1.27.4-1.oe2403.aarch64.rpm", + "name":"mongo-c-driver-help-1.27.4-1.oe2403.aarch64.rpm" + }, + "name":"mongo-c-driver-help-1.27.4-1.oe2403.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"libbson-1.27.4-1.oe2203sp4.x86_64.rpm", + "name":"libbson-1.27.4-1.oe2203sp4.x86_64.rpm" + }, + "name":"libbson-1.27.4-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"libbson-devel-1.27.4-1.oe2203sp4.x86_64.rpm", + "name":"libbson-devel-1.27.4-1.oe2203sp4.x86_64.rpm" + }, + "name":"libbson-devel-1.27.4-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mongo-c-driver-1.27.4-1.oe2203sp4.x86_64.rpm", + "name":"mongo-c-driver-1.27.4-1.oe2203sp4.x86_64.rpm" + }, + 
"name":"mongo-c-driver-1.27.4-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp4.x86_64.rpm", + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp4.x86_64.rpm" + }, + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp4.x86_64.rpm", + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp4.x86_64.rpm" + }, + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mongo-c-driver-devel-1.27.4-1.oe2203sp4.x86_64.rpm", + "name":"mongo-c-driver-devel-1.27.4-1.oe2203sp4.x86_64.rpm" + }, + "name":"mongo-c-driver-devel-1.27.4-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mongo-c-driver-help-1.27.4-1.oe2203sp4.x86_64.rpm", + "name":"mongo-c-driver-help-1.27.4-1.oe2203sp4.x86_64.rpm" + }, + "name":"mongo-c-driver-help-1.27.4-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"libbson-1.27.4-1.oe2203sp3.x86_64.rpm", + "name":"libbson-1.27.4-1.oe2203sp3.x86_64.rpm" + }, + "name":"libbson-1.27.4-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"libbson-devel-1.27.4-1.oe2203sp3.x86_64.rpm", + 
"name":"libbson-devel-1.27.4-1.oe2203sp3.x86_64.rpm" + }, + "name":"libbson-devel-1.27.4-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mongo-c-driver-1.27.4-1.oe2203sp3.x86_64.rpm", + "name":"mongo-c-driver-1.27.4-1.oe2203sp3.x86_64.rpm" + }, + "name":"mongo-c-driver-1.27.4-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp3.x86_64.rpm", + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp3.x86_64.rpm" + }, + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp3.x86_64.rpm", + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp3.x86_64.rpm" + }, + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mongo-c-driver-devel-1.27.4-1.oe2203sp3.x86_64.rpm", + "name":"mongo-c-driver-devel-1.27.4-1.oe2203sp3.x86_64.rpm" + }, + "name":"mongo-c-driver-devel-1.27.4-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mongo-c-driver-help-1.27.4-1.oe2203sp3.x86_64.rpm", + "name":"mongo-c-driver-help-1.27.4-1.oe2203sp3.x86_64.rpm" + }, + "name":"mongo-c-driver-help-1.27.4-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + 
"product_id":"libbson-1.27.4-1.oe2003sp4.x86_64.rpm", + "name":"libbson-1.27.4-1.oe2003sp4.x86_64.rpm" + }, + "name":"libbson-1.27.4-1.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"libbson-devel-1.27.4-1.oe2003sp4.x86_64.rpm", + "name":"libbson-devel-1.27.4-1.oe2003sp4.x86_64.rpm" + }, + "name":"libbson-devel-1.27.4-1.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"mongo-c-driver-1.27.4-1.oe2003sp4.x86_64.rpm", + "name":"mongo-c-driver-1.27.4-1.oe2003sp4.x86_64.rpm" + }, + "name":"mongo-c-driver-1.27.4-1.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"mongo-c-driver-debuginfo-1.27.4-1.oe2003sp4.x86_64.rpm", + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2003sp4.x86_64.rpm" + }, + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"mongo-c-driver-debugsource-1.27.4-1.oe2003sp4.x86_64.rpm", + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2003sp4.x86_64.rpm" + }, + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"mongo-c-driver-devel-1.27.4-1.oe2003sp4.x86_64.rpm", + "name":"mongo-c-driver-devel-1.27.4-1.oe2003sp4.x86_64.rpm" + }, + "name":"mongo-c-driver-devel-1.27.4-1.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"mongo-c-driver-help-1.27.4-1.oe2003sp4.x86_64.rpm", + "name":"mongo-c-driver-help-1.27.4-1.oe2003sp4.x86_64.rpm" + }, + "name":"mongo-c-driver-help-1.27.4-1.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"libbson-1.27.4-1.oe2203sp1.x86_64.rpm", + "name":"libbson-1.27.4-1.oe2203sp1.x86_64.rpm" + }, + "name":"libbson-1.27.4-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"libbson-devel-1.27.4-1.oe2203sp1.x86_64.rpm", + "name":"libbson-devel-1.27.4-1.oe2203sp1.x86_64.rpm" + }, + "name":"libbson-devel-1.27.4-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mongo-c-driver-1.27.4-1.oe2203sp1.x86_64.rpm", + "name":"mongo-c-driver-1.27.4-1.oe2203sp1.x86_64.rpm" + }, + "name":"mongo-c-driver-1.27.4-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp1.x86_64.rpm", + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp1.x86_64.rpm" + }, + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp1.x86_64.rpm", + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp1.x86_64.rpm" + }, + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + 
"product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mongo-c-driver-devel-1.27.4-1.oe2203sp1.x86_64.rpm", + "name":"mongo-c-driver-devel-1.27.4-1.oe2203sp1.x86_64.rpm" + }, + "name":"mongo-c-driver-devel-1.27.4-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mongo-c-driver-help-1.27.4-1.oe2203sp1.x86_64.rpm", + "name":"mongo-c-driver-help-1.27.4-1.oe2203sp1.x86_64.rpm" + }, + "name":"mongo-c-driver-help-1.27.4-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"libbson-1.27.4-1.oe2403.x86_64.rpm", + "name":"libbson-1.27.4-1.oe2403.x86_64.rpm" + }, + "name":"libbson-1.27.4-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"libbson-devel-1.27.4-1.oe2403.x86_64.rpm", + "name":"libbson-devel-1.27.4-1.oe2403.x86_64.rpm" + }, + "name":"libbson-devel-1.27.4-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mongo-c-driver-1.27.4-1.oe2403.x86_64.rpm", + "name":"mongo-c-driver-1.27.4-1.oe2403.x86_64.rpm" + }, + "name":"mongo-c-driver-1.27.4-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mongo-c-driver-debuginfo-1.27.4-1.oe2403.x86_64.rpm", + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2403.x86_64.rpm" + }, + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mongo-c-driver-debugsource-1.27.4-1.oe2403.x86_64.rpm", + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2403.x86_64.rpm" + }, + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mongo-c-driver-devel-1.27.4-1.oe2403.x86_64.rpm", + "name":"mongo-c-driver-devel-1.27.4-1.oe2403.x86_64.rpm" + }, + "name":"mongo-c-driver-devel-1.27.4-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mongo-c-driver-help-1.27.4-1.oe2403.x86_64.rpm", + "name":"mongo-c-driver-help-1.27.4-1.oe2403.x86_64.rpm" + }, + "name":"mongo-c-driver-help-1.27.4-1.oe2403.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mongo-c-driver-1.27.4-1.oe2203sp4.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mongo-c-driver-1.27.4-1.oe2203sp4.src", + "name":"mongo-c-driver-1.27.4-1.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mongo-c-driver-1.27.4-1.oe2203sp3.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mongo-c-driver-1.27.4-1.oe2203sp3.src", + "name":"mongo-c-driver-1.27.4-1.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"mongo-c-driver-1.27.4-1.oe2003sp4.src.rpm", + "full_product_name":{ + 
"product_id":"openEuler-20.03-LTS-SP4:mongo-c-driver-1.27.4-1.oe2003sp4.src", + "name":"mongo-c-driver-1.27.4-1.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mongo-c-driver-1.27.4-1.oe2203sp1.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mongo-c-driver-1.27.4-1.oe2203sp1.src", + "name":"mongo-c-driver-1.27.4-1.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mongo-c-driver-1.27.4-1.oe2403.src.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mongo-c-driver-1.27.4-1.oe2403.src", + "name":"mongo-c-driver-1.27.4-1.oe2403.src as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"libbson-1.27.4-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:libbson-1.27.4-1.oe2203sp4.aarch64", + "name":"libbson-1.27.4-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"libbson-devel-1.27.4-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:libbson-devel-1.27.4-1.oe2203sp4.aarch64", + "name":"libbson-devel-1.27.4-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mongo-c-driver-1.27.4-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mongo-c-driver-1.27.4-1.oe2203sp4.aarch64", + "name":"mongo-c-driver-1.27.4-1.oe2203sp4.aarch64 as a component of 
openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mongo-c-driver-debuginfo-1.27.4-1.oe2203sp4.aarch64", + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mongo-c-driver-debugsource-1.27.4-1.oe2203sp4.aarch64", + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mongo-c-driver-devel-1.27.4-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mongo-c-driver-devel-1.27.4-1.oe2203sp4.aarch64", + "name":"mongo-c-driver-devel-1.27.4-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mongo-c-driver-help-1.27.4-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mongo-c-driver-help-1.27.4-1.oe2203sp4.aarch64", + "name":"mongo-c-driver-help-1.27.4-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"libbson-1.27.4-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:libbson-1.27.4-1.oe2203sp3.aarch64", + "name":"libbson-1.27.4-1.oe2203sp3.aarch64 as a component of 
openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"libbson-devel-1.27.4-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:libbson-devel-1.27.4-1.oe2203sp3.aarch64", + "name":"libbson-devel-1.27.4-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mongo-c-driver-1.27.4-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mongo-c-driver-1.27.4-1.oe2203sp3.aarch64", + "name":"mongo-c-driver-1.27.4-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mongo-c-driver-debuginfo-1.27.4-1.oe2203sp3.aarch64", + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mongo-c-driver-debugsource-1.27.4-1.oe2203sp3.aarch64", + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mongo-c-driver-devel-1.27.4-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mongo-c-driver-devel-1.27.4-1.oe2203sp3.aarch64", + "name":"mongo-c-driver-devel-1.27.4-1.oe2203sp3.aarch64 as a component 
of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mongo-c-driver-help-1.27.4-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mongo-c-driver-help-1.27.4-1.oe2203sp3.aarch64", + "name":"mongo-c-driver-help-1.27.4-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"libbson-1.27.4-1.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:libbson-1.27.4-1.oe2003sp4.aarch64", + "name":"libbson-1.27.4-1.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"libbson-devel-1.27.4-1.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:libbson-devel-1.27.4-1.oe2003sp4.aarch64", + "name":"libbson-devel-1.27.4-1.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"mongo-c-driver-1.27.4-1.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:mongo-c-driver-1.27.4-1.oe2003sp4.aarch64", + "name":"mongo-c-driver-1.27.4-1.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"mongo-c-driver-debuginfo-1.27.4-1.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:mongo-c-driver-debuginfo-1.27.4-1.oe2003sp4.aarch64", + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + 
"category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"mongo-c-driver-debugsource-1.27.4-1.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:mongo-c-driver-debugsource-1.27.4-1.oe2003sp4.aarch64", + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"mongo-c-driver-devel-1.27.4-1.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:mongo-c-driver-devel-1.27.4-1.oe2003sp4.aarch64", + "name":"mongo-c-driver-devel-1.27.4-1.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"mongo-c-driver-help-1.27.4-1.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:mongo-c-driver-help-1.27.4-1.oe2003sp4.aarch64", + "name":"mongo-c-driver-help-1.27.4-1.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"libbson-1.27.4-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:libbson-1.27.4-1.oe2203sp1.aarch64", + "name":"libbson-1.27.4-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"libbson-devel-1.27.4-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:libbson-devel-1.27.4-1.oe2203sp1.aarch64", + "name":"libbson-devel-1.27.4-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" 
+ }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mongo-c-driver-1.27.4-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mongo-c-driver-1.27.4-1.oe2203sp1.aarch64", + "name":"mongo-c-driver-1.27.4-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mongo-c-driver-debuginfo-1.27.4-1.oe2203sp1.aarch64", + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mongo-c-driver-debugsource-1.27.4-1.oe2203sp1.aarch64", + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mongo-c-driver-devel-1.27.4-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mongo-c-driver-devel-1.27.4-1.oe2203sp1.aarch64", + "name":"mongo-c-driver-devel-1.27.4-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mongo-c-driver-help-1.27.4-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mongo-c-driver-help-1.27.4-1.oe2203sp1.aarch64", + "name":"mongo-c-driver-help-1.27.4-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + 
"category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"libbson-1.27.4-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:libbson-1.27.4-1.oe2403.aarch64", + "name":"libbson-1.27.4-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"libbson-devel-1.27.4-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:libbson-devel-1.27.4-1.oe2403.aarch64", + "name":"libbson-devel-1.27.4-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mongo-c-driver-1.27.4-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mongo-c-driver-1.27.4-1.oe2403.aarch64", + "name":"mongo-c-driver-1.27.4-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mongo-c-driver-debuginfo-1.27.4-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mongo-c-driver-debuginfo-1.27.4-1.oe2403.aarch64", + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mongo-c-driver-debugsource-1.27.4-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mongo-c-driver-debugsource-1.27.4-1.oe2403.aarch64", + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + 
"product_reference":"mongo-c-driver-devel-1.27.4-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mongo-c-driver-devel-1.27.4-1.oe2403.aarch64", + "name":"mongo-c-driver-devel-1.27.4-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mongo-c-driver-help-1.27.4-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mongo-c-driver-help-1.27.4-1.oe2403.aarch64", + "name":"mongo-c-driver-help-1.27.4-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"libbson-1.27.4-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:libbson-1.27.4-1.oe2203sp4.x86_64", + "name":"libbson-1.27.4-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"libbson-devel-1.27.4-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:libbson-devel-1.27.4-1.oe2203sp4.x86_64", + "name":"libbson-devel-1.27.4-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mongo-c-driver-1.27.4-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mongo-c-driver-1.27.4-1.oe2203sp4.x86_64", + "name":"mongo-c-driver-1.27.4-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP4:mongo-c-driver-debuginfo-1.27.4-1.oe2203sp4.x86_64", + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mongo-c-driver-debugsource-1.27.4-1.oe2203sp4.x86_64", + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mongo-c-driver-devel-1.27.4-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mongo-c-driver-devel-1.27.4-1.oe2203sp4.x86_64", + "name":"mongo-c-driver-devel-1.27.4-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mongo-c-driver-help-1.27.4-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mongo-c-driver-help-1.27.4-1.oe2203sp4.x86_64", + "name":"mongo-c-driver-help-1.27.4-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"libbson-1.27.4-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:libbson-1.27.4-1.oe2203sp3.x86_64", + "name":"libbson-1.27.4-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"libbson-devel-1.27.4-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP3:libbson-devel-1.27.4-1.oe2203sp3.x86_64", + "name":"libbson-devel-1.27.4-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mongo-c-driver-1.27.4-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mongo-c-driver-1.27.4-1.oe2203sp3.x86_64", + "name":"mongo-c-driver-1.27.4-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mongo-c-driver-debuginfo-1.27.4-1.oe2203sp3.x86_64", + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mongo-c-driver-debugsource-1.27.4-1.oe2203sp3.x86_64", + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mongo-c-driver-devel-1.27.4-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mongo-c-driver-devel-1.27.4-1.oe2203sp3.x86_64", + "name":"mongo-c-driver-devel-1.27.4-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mongo-c-driver-help-1.27.4-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP3:mongo-c-driver-help-1.27.4-1.oe2203sp3.x86_64", + "name":"mongo-c-driver-help-1.27.4-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"libbson-1.27.4-1.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:libbson-1.27.4-1.oe2003sp4.x86_64", + "name":"libbson-1.27.4-1.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"libbson-devel-1.27.4-1.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:libbson-devel-1.27.4-1.oe2003sp4.x86_64", + "name":"libbson-devel-1.27.4-1.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"mongo-c-driver-1.27.4-1.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:mongo-c-driver-1.27.4-1.oe2003sp4.x86_64", + "name":"mongo-c-driver-1.27.4-1.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"mongo-c-driver-debuginfo-1.27.4-1.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:mongo-c-driver-debuginfo-1.27.4-1.oe2003sp4.x86_64", + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"mongo-c-driver-debugsource-1.27.4-1.oe2003sp4.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-20.03-LTS-SP4:mongo-c-driver-debugsource-1.27.4-1.oe2003sp4.x86_64", + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"mongo-c-driver-devel-1.27.4-1.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:mongo-c-driver-devel-1.27.4-1.oe2003sp4.x86_64", + "name":"mongo-c-driver-devel-1.27.4-1.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"mongo-c-driver-help-1.27.4-1.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:mongo-c-driver-help-1.27.4-1.oe2003sp4.x86_64", + "name":"mongo-c-driver-help-1.27.4-1.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"libbson-1.27.4-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:libbson-1.27.4-1.oe2203sp1.x86_64", + "name":"libbson-1.27.4-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"libbson-devel-1.27.4-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:libbson-devel-1.27.4-1.oe2203sp1.x86_64", + "name":"libbson-devel-1.27.4-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mongo-c-driver-1.27.4-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP1:mongo-c-driver-1.27.4-1.oe2203sp1.x86_64", + "name":"mongo-c-driver-1.27.4-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mongo-c-driver-debuginfo-1.27.4-1.oe2203sp1.x86_64", + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mongo-c-driver-debugsource-1.27.4-1.oe2203sp1.x86_64", + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mongo-c-driver-devel-1.27.4-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mongo-c-driver-devel-1.27.4-1.oe2203sp1.x86_64", + "name":"mongo-c-driver-devel-1.27.4-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mongo-c-driver-help-1.27.4-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mongo-c-driver-help-1.27.4-1.oe2203sp1.x86_64", + "name":"mongo-c-driver-help-1.27.4-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"libbson-1.27.4-1.oe2403.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-24.03-LTS:libbson-1.27.4-1.oe2403.x86_64", + "name":"libbson-1.27.4-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"libbson-devel-1.27.4-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:libbson-devel-1.27.4-1.oe2403.x86_64", + "name":"libbson-devel-1.27.4-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mongo-c-driver-1.27.4-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mongo-c-driver-1.27.4-1.oe2403.x86_64", + "name":"mongo-c-driver-1.27.4-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mongo-c-driver-debuginfo-1.27.4-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mongo-c-driver-debuginfo-1.27.4-1.oe2403.x86_64", + "name":"mongo-c-driver-debuginfo-1.27.4-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mongo-c-driver-debugsource-1.27.4-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mongo-c-driver-debugsource-1.27.4-1.oe2403.x86_64", + "name":"mongo-c-driver-debugsource-1.27.4-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mongo-c-driver-devel-1.27.4-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mongo-c-driver-devel-1.27.4-1.oe2403.x86_64", + "name":"mongo-c-driver-devel-1.27.4-1.oe2403.x86_64 as a 
component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mongo-c-driver-help-1.27.4-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mongo-c-driver-help-1.27.4-1.oe2403.x86_64", + "name":"mongo-c-driver-help-1.27.4-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-6381", + "notes":[ + { + "text":"The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:mongo-c-driver-1.27.4-1.oe2203sp4.src", + "openEuler-22.03-LTS-SP3:mongo-c-driver-1.27.4-1.oe2203sp3.src", + "openEuler-20.03-LTS-SP4:mongo-c-driver-1.27.4-1.oe2003sp4.src", + "openEuler-22.03-LTS-SP1:mongo-c-driver-1.27.4-1.oe2203sp1.src", + "openEuler-24.03-LTS:mongo-c-driver-1.27.4-1.oe2403.src", + "openEuler-22.03-LTS-SP4:libbson-1.27.4-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:libbson-devel-1.27.4-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-1.27.4-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-debuginfo-1.27.4-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-debugsource-1.27.4-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-devel-1.27.4-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-help-1.27.4-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP3:libbson-1.27.4-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:libbson-devel-1.27.4-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mongo-c-driver-1.27.4-1.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:mongo-c-driver-debuginfo-1.27.4-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mongo-c-driver-debugsource-1.27.4-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mongo-c-driver-devel-1.27.4-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mongo-c-driver-help-1.27.4-1.oe2203sp3.aarch64", + "openEuler-20.03-LTS-SP4:libbson-1.27.4-1.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:libbson-devel-1.27.4-1.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:mongo-c-driver-1.27.4-1.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:mongo-c-driver-debuginfo-1.27.4-1.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:mongo-c-driver-debugsource-1.27.4-1.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:mongo-c-driver-devel-1.27.4-1.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:mongo-c-driver-help-1.27.4-1.oe2003sp4.aarch64", + "openEuler-22.03-LTS-SP1:libbson-1.27.4-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:libbson-devel-1.27.4-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-1.27.4-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-debuginfo-1.27.4-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-debugsource-1.27.4-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-devel-1.27.4-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-help-1.27.4-1.oe2203sp1.aarch64", + "openEuler-24.03-LTS:libbson-1.27.4-1.oe2403.aarch64", + "openEuler-24.03-LTS:libbson-devel-1.27.4-1.oe2403.aarch64", + "openEuler-24.03-LTS:mongo-c-driver-1.27.4-1.oe2403.aarch64", + "openEuler-24.03-LTS:mongo-c-driver-debuginfo-1.27.4-1.oe2403.aarch64", + "openEuler-24.03-LTS:mongo-c-driver-debugsource-1.27.4-1.oe2403.aarch64", + "openEuler-24.03-LTS:mongo-c-driver-devel-1.27.4-1.oe2403.aarch64", + "openEuler-24.03-LTS:mongo-c-driver-help-1.27.4-1.oe2403.aarch64", + "openEuler-22.03-LTS-SP4:libbson-1.27.4-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:libbson-devel-1.27.4-1.oe2203sp4.x86_64", + 
"openEuler-22.03-LTS-SP4:mongo-c-driver-1.27.4-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-debuginfo-1.27.4-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-debugsource-1.27.4-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-devel-1.27.4-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-help-1.27.4-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP3:libbson-1.27.4-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:libbson-devel-1.27.4-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mongo-c-driver-1.27.4-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mongo-c-driver-debuginfo-1.27.4-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mongo-c-driver-debugsource-1.27.4-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mongo-c-driver-devel-1.27.4-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mongo-c-driver-help-1.27.4-1.oe2203sp3.x86_64", + "openEuler-20.03-LTS-SP4:libbson-1.27.4-1.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:libbson-devel-1.27.4-1.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:mongo-c-driver-1.27.4-1.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:mongo-c-driver-debuginfo-1.27.4-1.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:mongo-c-driver-debugsource-1.27.4-1.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:mongo-c-driver-devel-1.27.4-1.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:mongo-c-driver-help-1.27.4-1.oe2003sp4.x86_64", + "openEuler-22.03-LTS-SP1:libbson-1.27.4-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:libbson-devel-1.27.4-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-1.27.4-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-debuginfo-1.27.4-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-debugsource-1.27.4-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-devel-1.27.4-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-help-1.27.4-1.oe2203sp1.x86_64", + "openEuler-24.03-LTS:libbson-1.27.4-1.oe2403.x86_64", + 
"openEuler-24.03-LTS:libbson-devel-1.27.4-1.oe2403.x86_64", + "openEuler-24.03-LTS:mongo-c-driver-1.27.4-1.oe2403.x86_64", + "openEuler-24.03-LTS:mongo-c-driver-debuginfo-1.27.4-1.oe2403.x86_64", + "openEuler-24.03-LTS:mongo-c-driver-debugsource-1.27.4-1.oe2403.x86_64", + "openEuler-24.03-LTS:mongo-c-driver-devel-1.27.4-1.oe2403.x86_64", + "openEuler-24.03-LTS:mongo-c-driver-help-1.27.4-1.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:mongo-c-driver-1.27.4-1.oe2203sp4.src", + "openEuler-22.03-LTS-SP3:mongo-c-driver-1.27.4-1.oe2203sp3.src", + "openEuler-20.03-LTS-SP4:mongo-c-driver-1.27.4-1.oe2003sp4.src", + "openEuler-22.03-LTS-SP1:mongo-c-driver-1.27.4-1.oe2203sp1.src", + "openEuler-24.03-LTS:mongo-c-driver-1.27.4-1.oe2403.src", + "openEuler-22.03-LTS-SP4:libbson-1.27.4-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:libbson-devel-1.27.4-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-1.27.4-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-debuginfo-1.27.4-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-debugsource-1.27.4-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-devel-1.27.4-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-help-1.27.4-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP3:libbson-1.27.4-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:libbson-devel-1.27.4-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mongo-c-driver-1.27.4-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mongo-c-driver-debuginfo-1.27.4-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mongo-c-driver-debugsource-1.27.4-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mongo-c-driver-devel-1.27.4-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mongo-c-driver-help-1.27.4-1.oe2203sp3.aarch64", + "openEuler-20.03-LTS-SP4:libbson-1.27.4-1.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:libbson-devel-1.27.4-1.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:mongo-c-driver-1.27.4-1.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:mongo-c-driver-debuginfo-1.27.4-1.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:mongo-c-driver-debugsource-1.27.4-1.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:mongo-c-driver-devel-1.27.4-1.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:mongo-c-driver-help-1.27.4-1.oe2003sp4.aarch64", + "openEuler-22.03-LTS-SP1:libbson-1.27.4-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:libbson-devel-1.27.4-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-1.27.4-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-debuginfo-1.27.4-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-debugsource-1.27.4-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-devel-1.27.4-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-help-1.27.4-1.oe2203sp1.aarch64", + "openEuler-24.03-LTS:libbson-1.27.4-1.oe2403.aarch64", + "openEuler-24.03-LTS:libbson-devel-1.27.4-1.oe2403.aarch64", + "openEuler-24.03-LTS:mongo-c-driver-1.27.4-1.oe2403.aarch64", + "openEuler-24.03-LTS:mongo-c-driver-debuginfo-1.27.4-1.oe2403.aarch64", + "openEuler-24.03-LTS:mongo-c-driver-debugsource-1.27.4-1.oe2403.aarch64", + "openEuler-24.03-LTS:mongo-c-driver-devel-1.27.4-1.oe2403.aarch64", + "openEuler-24.03-LTS:mongo-c-driver-help-1.27.4-1.oe2403.aarch64", + "openEuler-22.03-LTS-SP4:libbson-1.27.4-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:libbson-devel-1.27.4-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-1.27.4-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-debuginfo-1.27.4-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-debugsource-1.27.4-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-devel-1.27.4-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-help-1.27.4-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP3:libbson-1.27.4-1.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:libbson-devel-1.27.4-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mongo-c-driver-1.27.4-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mongo-c-driver-debuginfo-1.27.4-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mongo-c-driver-debugsource-1.27.4-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mongo-c-driver-devel-1.27.4-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mongo-c-driver-help-1.27.4-1.oe2203sp3.x86_64", + "openEuler-20.03-LTS-SP4:libbson-1.27.4-1.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:libbson-devel-1.27.4-1.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:mongo-c-driver-1.27.4-1.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:mongo-c-driver-debuginfo-1.27.4-1.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:mongo-c-driver-debugsource-1.27.4-1.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:mongo-c-driver-devel-1.27.4-1.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:mongo-c-driver-help-1.27.4-1.oe2003sp4.x86_64", + "openEuler-22.03-LTS-SP1:libbson-1.27.4-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:libbson-devel-1.27.4-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-1.27.4-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-debuginfo-1.27.4-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-debugsource-1.27.4-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-devel-1.27.4-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-help-1.27.4-1.oe2203sp1.x86_64", + "openEuler-24.03-LTS:libbson-1.27.4-1.oe2403.x86_64", + "openEuler-24.03-LTS:libbson-devel-1.27.4-1.oe2403.x86_64", + "openEuler-24.03-LTS:mongo-c-driver-1.27.4-1.oe2403.x86_64", + "openEuler-24.03-LTS:mongo-c-driver-debuginfo-1.27.4-1.oe2403.x86_64", + "openEuler-24.03-LTS:mongo-c-driver-debugsource-1.27.4-1.oe2403.x86_64", + "openEuler-24.03-LTS:mongo-c-driver-devel-1.27.4-1.oe2403.x86_64", + "openEuler-24.03-LTS:mongo-c-driver-help-1.27.4-1.oe2403.x86_64" + ], + "details":"mongo-c-driver security update", + 
"category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1891" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.0, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:mongo-c-driver-1.27.4-1.oe2203sp4.src", + "openEuler-22.03-LTS-SP3:mongo-c-driver-1.27.4-1.oe2203sp3.src", + "openEuler-20.03-LTS-SP4:mongo-c-driver-1.27.4-1.oe2003sp4.src", + "openEuler-22.03-LTS-SP1:mongo-c-driver-1.27.4-1.oe2203sp1.src", + "openEuler-24.03-LTS:mongo-c-driver-1.27.4-1.oe2403.src", + "openEuler-22.03-LTS-SP4:libbson-1.27.4-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:libbson-devel-1.27.4-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-1.27.4-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-debuginfo-1.27.4-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-debugsource-1.27.4-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-devel-1.27.4-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-help-1.27.4-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP3:libbson-1.27.4-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:libbson-devel-1.27.4-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mongo-c-driver-1.27.4-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mongo-c-driver-debuginfo-1.27.4-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mongo-c-driver-debugsource-1.27.4-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mongo-c-driver-devel-1.27.4-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mongo-c-driver-help-1.27.4-1.oe2203sp3.aarch64", + "openEuler-20.03-LTS-SP4:libbson-1.27.4-1.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:libbson-devel-1.27.4-1.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:mongo-c-driver-1.27.4-1.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:mongo-c-driver-debuginfo-1.27.4-1.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:mongo-c-driver-debugsource-1.27.4-1.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:mongo-c-driver-devel-1.27.4-1.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:mongo-c-driver-help-1.27.4-1.oe2003sp4.aarch64", + "openEuler-22.03-LTS-SP1:libbson-1.27.4-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:libbson-devel-1.27.4-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-1.27.4-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-debuginfo-1.27.4-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-debugsource-1.27.4-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-devel-1.27.4-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-help-1.27.4-1.oe2203sp1.aarch64", + "openEuler-24.03-LTS:libbson-1.27.4-1.oe2403.aarch64", + "openEuler-24.03-LTS:libbson-devel-1.27.4-1.oe2403.aarch64", + "openEuler-24.03-LTS:mongo-c-driver-1.27.4-1.oe2403.aarch64", + "openEuler-24.03-LTS:mongo-c-driver-debuginfo-1.27.4-1.oe2403.aarch64", + "openEuler-24.03-LTS:mongo-c-driver-debugsource-1.27.4-1.oe2403.aarch64", + "openEuler-24.03-LTS:mongo-c-driver-devel-1.27.4-1.oe2403.aarch64", + "openEuler-24.03-LTS:mongo-c-driver-help-1.27.4-1.oe2403.aarch64", + "openEuler-22.03-LTS-SP4:libbson-1.27.4-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:libbson-devel-1.27.4-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-1.27.4-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-debuginfo-1.27.4-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-debugsource-1.27.4-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-devel-1.27.4-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mongo-c-driver-help-1.27.4-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP3:libbson-1.27.4-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:libbson-devel-1.27.4-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mongo-c-driver-1.27.4-1.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:mongo-c-driver-debuginfo-1.27.4-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mongo-c-driver-debugsource-1.27.4-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mongo-c-driver-devel-1.27.4-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mongo-c-driver-help-1.27.4-1.oe2203sp3.x86_64", + "openEuler-20.03-LTS-SP4:libbson-1.27.4-1.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:libbson-devel-1.27.4-1.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:mongo-c-driver-1.27.4-1.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:mongo-c-driver-debuginfo-1.27.4-1.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:mongo-c-driver-debugsource-1.27.4-1.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:mongo-c-driver-devel-1.27.4-1.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:mongo-c-driver-help-1.27.4-1.oe2003sp4.x86_64", + "openEuler-22.03-LTS-SP1:libbson-1.27.4-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:libbson-devel-1.27.4-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-1.27.4-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-debuginfo-1.27.4-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-debugsource-1.27.4-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-devel-1.27.4-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mongo-c-driver-help-1.27.4-1.oe2203sp1.x86_64", + "openEuler-24.03-LTS:libbson-1.27.4-1.oe2403.x86_64", + "openEuler-24.03-LTS:libbson-devel-1.27.4-1.oe2403.x86_64", + "openEuler-24.03-LTS:mongo-c-driver-1.27.4-1.oe2403.x86_64", + "openEuler-24.03-LTS:mongo-c-driver-debuginfo-1.27.4-1.oe2403.x86_64", + "openEuler-24.03-LTS:mongo-c-driver-debugsource-1.27.4-1.oe2403.x86_64", + "openEuler-24.03-LTS:mongo-c-driver-devel-1.27.4-1.oe2403.x86_64", + "openEuler-24.03-LTS:mongo-c-driver-help-1.27.4-1.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-6381" + } + ] +} \ No newline at end of file 
diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1892.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1892.json
new file mode 100644
index 0000000..cf40714
--- /dev/null
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1892.json
@@ -0,0 +1,1913 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"gtk3 security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for gtk3 is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3", + "category":"general", + "title":"Summary" + }, + { + "text":"GTK+ is an object-oriented widget toolkit written in the programming language C; it has a C-based object-oriented architecture that allows for maximum flexibility. The GTK+ library contains a set of graphical control elements (widgets)for creating graphical user interfaces. This package contains version 3 of GTK+.\n\nSecurity Fix(es):\n\nA flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.(CVE-2024-6655)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for gtk3 is now available for openEuler-20.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"gtk3", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1892", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1892" + }, + { + "summary":"CVE-2024-6655", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-6655&packageName=gtk3" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6655" + }, + { + "summary":"openEuler-SA-2024-1892 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1892.json" + } + ], + "title":"An update for gtk3 is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3", + "tracking":{ + "initial_release_date":"2024-07-26T20:58:37+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:58:37+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:58:37+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-26T20:58:37+08:00", + "id":"openEuler-SA-2024-1892", + "version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + 
"product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"openEuler-20.03-LTS-SP4", + "name":"openEuler-20.03-LTS-SP4" + }, + "name":"openEuler-20.03-LTS-SP4", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"openEuler-22.03-LTS-SP1", + "name":"openEuler-22.03-LTS-SP1" + }, + "name":"openEuler-22.03-LTS-SP1", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openEuler-24.03-LTS", + "name":"openEuler-24.03-LTS" + }, + "name":"openEuler-24.03-LTS", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"openEuler-22.03-LTS-SP4", + "name":"openEuler-22.03-LTS-SP4" + }, + "name":"openEuler-22.03-LTS-SP4", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openEuler-22.03-LTS-SP3", + "name":"openEuler-22.03-LTS-SP3" + }, + "name":"openEuler-22.03-LTS-SP3", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"gtk3-3.24.21-6.oe2003sp4.src.rpm", + "name":"gtk3-3.24.21-6.oe2003sp4.src.rpm" + }, + "name":"gtk3-3.24.21-6.oe2003sp4.src.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"gtk3-3.24.30-11.oe2203sp1.src.rpm", + "name":"gtk3-3.24.30-11.oe2203sp1.src.rpm" + }, + "name":"gtk3-3.24.30-11.oe2203sp1.src.rpm", + "category":"product_version" + }, + { + "product":{ + 
"product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"gtk3-3.24.41-2.oe2403.src.rpm", + "name":"gtk3-3.24.41-2.oe2403.src.rpm" + }, + "name":"gtk3-3.24.41-2.oe2403.src.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"gtk3-3.24.30-11.oe2203sp4.src.rpm", + "name":"gtk3-3.24.30-11.oe2203sp4.src.rpm" + }, + "name":"gtk3-3.24.30-11.oe2203sp4.src.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"gtk3-3.24.30-11.oe2203sp3.src.rpm", + "name":"gtk3-3.24.30-11.oe2203sp3.src.rpm" + }, + "name":"gtk3-3.24.30-11.oe2203sp3.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"gtk3-3.24.21-6.oe2003sp4.x86_64.rpm", + "name":"gtk3-3.24.21-6.oe2003sp4.x86_64.rpm" + }, + "name":"gtk3-3.24.21-6.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"gtk3-debuginfo-3.24.21-6.oe2003sp4.x86_64.rpm", + "name":"gtk3-debuginfo-3.24.21-6.oe2003sp4.x86_64.rpm" + }, + "name":"gtk3-debuginfo-3.24.21-6.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"gtk3-debugsource-3.24.21-6.oe2003sp4.x86_64.rpm", + "name":"gtk3-debugsource-3.24.21-6.oe2003sp4.x86_64.rpm" + }, + "name":"gtk3-debugsource-3.24.21-6.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + 
"product_id":"gtk3-devel-3.24.21-6.oe2003sp4.x86_64.rpm", + "name":"gtk3-devel-3.24.21-6.oe2003sp4.x86_64.rpm" + }, + "name":"gtk3-devel-3.24.21-6.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"gtk3-help-3.24.21-6.oe2003sp4.x86_64.rpm", + "name":"gtk3-help-3.24.21-6.oe2003sp4.x86_64.rpm" + }, + "name":"gtk3-help-3.24.21-6.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"gtk3-immodule-xim-3.24.21-6.oe2003sp4.x86_64.rpm", + "name":"gtk3-immodule-xim-3.24.21-6.oe2003sp4.x86_64.rpm" + }, + "name":"gtk3-immodule-xim-3.24.21-6.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"gtk-update-icon-cache-3.24.30-11.oe2203sp1.x86_64.rpm", + "name":"gtk-update-icon-cache-3.24.30-11.oe2203sp1.x86_64.rpm" + }, + "name":"gtk-update-icon-cache-3.24.30-11.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"gtk3-3.24.30-11.oe2203sp1.x86_64.rpm", + "name":"gtk3-3.24.30-11.oe2203sp1.x86_64.rpm" + }, + "name":"gtk3-3.24.30-11.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"gtk3-debuginfo-3.24.30-11.oe2203sp1.x86_64.rpm", + "name":"gtk3-debuginfo-3.24.30-11.oe2203sp1.x86_64.rpm" + }, + "name":"gtk3-debuginfo-3.24.30-11.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + 
"product_id":"gtk3-debugsource-3.24.30-11.oe2203sp1.x86_64.rpm", + "name":"gtk3-debugsource-3.24.30-11.oe2203sp1.x86_64.rpm" + }, + "name":"gtk3-debugsource-3.24.30-11.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"gtk3-devel-3.24.30-11.oe2203sp1.x86_64.rpm", + "name":"gtk3-devel-3.24.30-11.oe2203sp1.x86_64.rpm" + }, + "name":"gtk3-devel-3.24.30-11.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"gtk3-help-3.24.30-11.oe2203sp1.x86_64.rpm", + "name":"gtk3-help-3.24.30-11.oe2203sp1.x86_64.rpm" + }, + "name":"gtk3-help-3.24.30-11.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"gtk3-immodule-xim-3.24.30-11.oe2203sp1.x86_64.rpm", + "name":"gtk3-immodule-xim-3.24.30-11.oe2203sp1.x86_64.rpm" + }, + "name":"gtk3-immodule-xim-3.24.30-11.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"gtk-update-icon-cache-3.24.41-2.oe2403.x86_64.rpm", + "name":"gtk-update-icon-cache-3.24.41-2.oe2403.x86_64.rpm" + }, + "name":"gtk-update-icon-cache-3.24.41-2.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"gtk3-3.24.41-2.oe2403.x86_64.rpm", + "name":"gtk3-3.24.41-2.oe2403.x86_64.rpm" + }, + "name":"gtk3-3.24.41-2.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"gtk3-debuginfo-3.24.41-2.oe2403.x86_64.rpm", 
+ "name":"gtk3-debuginfo-3.24.41-2.oe2403.x86_64.rpm" + }, + "name":"gtk3-debuginfo-3.24.41-2.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"gtk3-debugsource-3.24.41-2.oe2403.x86_64.rpm", + "name":"gtk3-debugsource-3.24.41-2.oe2403.x86_64.rpm" + }, + "name":"gtk3-debugsource-3.24.41-2.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"gtk3-devel-3.24.41-2.oe2403.x86_64.rpm", + "name":"gtk3-devel-3.24.41-2.oe2403.x86_64.rpm" + }, + "name":"gtk3-devel-3.24.41-2.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"gtk3-help-3.24.41-2.oe2403.x86_64.rpm", + "name":"gtk3-help-3.24.41-2.oe2403.x86_64.rpm" + }, + "name":"gtk3-help-3.24.41-2.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"gtk3-immodule-xim-3.24.41-2.oe2403.x86_64.rpm", + "name":"gtk3-immodule-xim-3.24.41-2.oe2403.x86_64.rpm" + }, + "name":"gtk3-immodule-xim-3.24.41-2.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"gtk-update-icon-cache-3.24.30-11.oe2203sp4.x86_64.rpm", + "name":"gtk-update-icon-cache-3.24.30-11.oe2203sp4.x86_64.rpm" + }, + "name":"gtk-update-icon-cache-3.24.30-11.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"gtk3-3.24.30-11.oe2203sp4.x86_64.rpm", + "name":"gtk3-3.24.30-11.oe2203sp4.x86_64.rpm" + }, + 
"name":"gtk3-3.24.30-11.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"gtk3-debuginfo-3.24.30-11.oe2203sp4.x86_64.rpm", + "name":"gtk3-debuginfo-3.24.30-11.oe2203sp4.x86_64.rpm" + }, + "name":"gtk3-debuginfo-3.24.30-11.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"gtk3-debugsource-3.24.30-11.oe2203sp4.x86_64.rpm", + "name":"gtk3-debugsource-3.24.30-11.oe2203sp4.x86_64.rpm" + }, + "name":"gtk3-debugsource-3.24.30-11.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"gtk3-devel-3.24.30-11.oe2203sp4.x86_64.rpm", + "name":"gtk3-devel-3.24.30-11.oe2203sp4.x86_64.rpm" + }, + "name":"gtk3-devel-3.24.30-11.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"gtk3-help-3.24.30-11.oe2203sp4.x86_64.rpm", + "name":"gtk3-help-3.24.30-11.oe2203sp4.x86_64.rpm" + }, + "name":"gtk3-help-3.24.30-11.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"gtk3-immodule-xim-3.24.30-11.oe2203sp4.x86_64.rpm", + "name":"gtk3-immodule-xim-3.24.30-11.oe2203sp4.x86_64.rpm" + }, + "name":"gtk3-immodule-xim-3.24.30-11.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"gtk-update-icon-cache-3.24.30-11.oe2203sp3.x86_64.rpm", + "name":"gtk-update-icon-cache-3.24.30-11.oe2203sp3.x86_64.rpm" + }, + 
"name":"gtk-update-icon-cache-3.24.30-11.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"gtk3-3.24.30-11.oe2203sp3.x86_64.rpm", + "name":"gtk3-3.24.30-11.oe2203sp3.x86_64.rpm" + }, + "name":"gtk3-3.24.30-11.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"gtk3-debuginfo-3.24.30-11.oe2203sp3.x86_64.rpm", + "name":"gtk3-debuginfo-3.24.30-11.oe2203sp3.x86_64.rpm" + }, + "name":"gtk3-debuginfo-3.24.30-11.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"gtk3-debugsource-3.24.30-11.oe2203sp3.x86_64.rpm", + "name":"gtk3-debugsource-3.24.30-11.oe2203sp3.x86_64.rpm" + }, + "name":"gtk3-debugsource-3.24.30-11.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"gtk3-devel-3.24.30-11.oe2203sp3.x86_64.rpm", + "name":"gtk3-devel-3.24.30-11.oe2203sp3.x86_64.rpm" + }, + "name":"gtk3-devel-3.24.30-11.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"gtk3-help-3.24.30-11.oe2203sp3.x86_64.rpm", + "name":"gtk3-help-3.24.30-11.oe2203sp3.x86_64.rpm" + }, + "name":"gtk3-help-3.24.30-11.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"gtk3-immodule-xim-3.24.30-11.oe2203sp3.x86_64.rpm", + "name":"gtk3-immodule-xim-3.24.30-11.oe2203sp3.x86_64.rpm" + }, + 
"name":"gtk3-immodule-xim-3.24.30-11.oe2203sp3.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"gtk3-3.24.21-6.oe2003sp4.aarch64.rpm", + "name":"gtk3-3.24.21-6.oe2003sp4.aarch64.rpm" + }, + "name":"gtk3-3.24.21-6.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"gtk3-debuginfo-3.24.21-6.oe2003sp4.aarch64.rpm", + "name":"gtk3-debuginfo-3.24.21-6.oe2003sp4.aarch64.rpm" + }, + "name":"gtk3-debuginfo-3.24.21-6.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"gtk3-debugsource-3.24.21-6.oe2003sp4.aarch64.rpm", + "name":"gtk3-debugsource-3.24.21-6.oe2003sp4.aarch64.rpm" + }, + "name":"gtk3-debugsource-3.24.21-6.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"gtk3-devel-3.24.21-6.oe2003sp4.aarch64.rpm", + "name":"gtk3-devel-3.24.21-6.oe2003sp4.aarch64.rpm" + }, + "name":"gtk3-devel-3.24.21-6.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"gtk3-help-3.24.21-6.oe2003sp4.aarch64.rpm", + "name":"gtk3-help-3.24.21-6.oe2003sp4.aarch64.rpm" + }, + "name":"gtk3-help-3.24.21-6.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"gtk3-immodule-xim-3.24.21-6.oe2003sp4.aarch64.rpm", + 
"name":"gtk3-immodule-xim-3.24.21-6.oe2003sp4.aarch64.rpm" + }, + "name":"gtk3-immodule-xim-3.24.21-6.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"gtk-update-icon-cache-3.24.30-11.oe2203sp1.aarch64.rpm", + "name":"gtk-update-icon-cache-3.24.30-11.oe2203sp1.aarch64.rpm" + }, + "name":"gtk-update-icon-cache-3.24.30-11.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"gtk3-3.24.30-11.oe2203sp1.aarch64.rpm", + "name":"gtk3-3.24.30-11.oe2203sp1.aarch64.rpm" + }, + "name":"gtk3-3.24.30-11.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"gtk3-debuginfo-3.24.30-11.oe2203sp1.aarch64.rpm", + "name":"gtk3-debuginfo-3.24.30-11.oe2203sp1.aarch64.rpm" + }, + "name":"gtk3-debuginfo-3.24.30-11.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"gtk3-debugsource-3.24.30-11.oe2203sp1.aarch64.rpm", + "name":"gtk3-debugsource-3.24.30-11.oe2203sp1.aarch64.rpm" + }, + "name":"gtk3-debugsource-3.24.30-11.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"gtk3-devel-3.24.30-11.oe2203sp1.aarch64.rpm", + "name":"gtk3-devel-3.24.30-11.oe2203sp1.aarch64.rpm" + }, + "name":"gtk3-devel-3.24.30-11.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"gtk3-help-3.24.30-11.oe2203sp1.aarch64.rpm", + 
"name":"gtk3-help-3.24.30-11.oe2203sp1.aarch64.rpm" + }, + "name":"gtk3-help-3.24.30-11.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"gtk3-immodule-xim-3.24.30-11.oe2203sp1.aarch64.rpm", + "name":"gtk3-immodule-xim-3.24.30-11.oe2203sp1.aarch64.rpm" + }, + "name":"gtk3-immodule-xim-3.24.30-11.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"gtk-update-icon-cache-3.24.41-2.oe2403.aarch64.rpm", + "name":"gtk-update-icon-cache-3.24.41-2.oe2403.aarch64.rpm" + }, + "name":"gtk-update-icon-cache-3.24.41-2.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"gtk3-3.24.41-2.oe2403.aarch64.rpm", + "name":"gtk3-3.24.41-2.oe2403.aarch64.rpm" + }, + "name":"gtk3-3.24.41-2.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"gtk3-debuginfo-3.24.41-2.oe2403.aarch64.rpm", + "name":"gtk3-debuginfo-3.24.41-2.oe2403.aarch64.rpm" + }, + "name":"gtk3-debuginfo-3.24.41-2.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"gtk3-debugsource-3.24.41-2.oe2403.aarch64.rpm", + "name":"gtk3-debugsource-3.24.41-2.oe2403.aarch64.rpm" + }, + "name":"gtk3-debugsource-3.24.41-2.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"gtk3-devel-3.24.41-2.oe2403.aarch64.rpm", + "name":"gtk3-devel-3.24.41-2.oe2403.aarch64.rpm" + }, + 
"name":"gtk3-devel-3.24.41-2.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"gtk3-help-3.24.41-2.oe2403.aarch64.rpm", + "name":"gtk3-help-3.24.41-2.oe2403.aarch64.rpm" + }, + "name":"gtk3-help-3.24.41-2.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"gtk3-immodule-xim-3.24.41-2.oe2403.aarch64.rpm", + "name":"gtk3-immodule-xim-3.24.41-2.oe2403.aarch64.rpm" + }, + "name":"gtk3-immodule-xim-3.24.41-2.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"gtk-update-icon-cache-3.24.30-11.oe2203sp4.aarch64.rpm", + "name":"gtk-update-icon-cache-3.24.30-11.oe2203sp4.aarch64.rpm" + }, + "name":"gtk-update-icon-cache-3.24.30-11.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"gtk3-3.24.30-11.oe2203sp4.aarch64.rpm", + "name":"gtk3-3.24.30-11.oe2203sp4.aarch64.rpm" + }, + "name":"gtk3-3.24.30-11.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"gtk3-debuginfo-3.24.30-11.oe2203sp4.aarch64.rpm", + "name":"gtk3-debuginfo-3.24.30-11.oe2203sp4.aarch64.rpm" + }, + "name":"gtk3-debuginfo-3.24.30-11.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"gtk3-debugsource-3.24.30-11.oe2203sp4.aarch64.rpm", + "name":"gtk3-debugsource-3.24.30-11.oe2203sp4.aarch64.rpm" + }, + 
"name":"gtk3-debugsource-3.24.30-11.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"gtk3-devel-3.24.30-11.oe2203sp4.aarch64.rpm", + "name":"gtk3-devel-3.24.30-11.oe2203sp4.aarch64.rpm" + }, + "name":"gtk3-devel-3.24.30-11.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"gtk3-help-3.24.30-11.oe2203sp4.aarch64.rpm", + "name":"gtk3-help-3.24.30-11.oe2203sp4.aarch64.rpm" + }, + "name":"gtk3-help-3.24.30-11.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"gtk3-immodule-xim-3.24.30-11.oe2203sp4.aarch64.rpm", + "name":"gtk3-immodule-xim-3.24.30-11.oe2203sp4.aarch64.rpm" + }, + "name":"gtk3-immodule-xim-3.24.30-11.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"gtk-update-icon-cache-3.24.30-11.oe2203sp3.aarch64.rpm", + "name":"gtk-update-icon-cache-3.24.30-11.oe2203sp3.aarch64.rpm" + }, + "name":"gtk-update-icon-cache-3.24.30-11.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"gtk3-3.24.30-11.oe2203sp3.aarch64.rpm", + "name":"gtk3-3.24.30-11.oe2203sp3.aarch64.rpm" + }, + "name":"gtk3-3.24.30-11.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"gtk3-debuginfo-3.24.30-11.oe2203sp3.aarch64.rpm", + "name":"gtk3-debuginfo-3.24.30-11.oe2203sp3.aarch64.rpm" + }, + 
"name":"gtk3-debuginfo-3.24.30-11.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"gtk3-debugsource-3.24.30-11.oe2203sp3.aarch64.rpm", + "name":"gtk3-debugsource-3.24.30-11.oe2203sp3.aarch64.rpm" + }, + "name":"gtk3-debugsource-3.24.30-11.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"gtk3-devel-3.24.30-11.oe2203sp3.aarch64.rpm", + "name":"gtk3-devel-3.24.30-11.oe2203sp3.aarch64.rpm" + }, + "name":"gtk3-devel-3.24.30-11.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"gtk3-help-3.24.30-11.oe2203sp3.aarch64.rpm", + "name":"gtk3-help-3.24.30-11.oe2203sp3.aarch64.rpm" + }, + "name":"gtk3-help-3.24.30-11.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"gtk3-immodule-xim-3.24.30-11.oe2203sp3.aarch64.rpm", + "name":"gtk3-immodule-xim-3.24.30-11.oe2203sp3.aarch64.rpm" + }, + "name":"gtk3-immodule-xim-3.24.30-11.oe2203sp3.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"gtk3-3.24.21-6.oe2003sp4.src.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:gtk3-3.24.21-6.oe2003sp4.src", + "name":"gtk3-3.24.21-6.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"gtk3-3.24.30-11.oe2203sp1.src.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP1:gtk3-3.24.30-11.oe2203sp1.src", + "name":"gtk3-3.24.30-11.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"gtk3-3.24.41-2.oe2403.src.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:gtk3-3.24.41-2.oe2403.src", + "name":"gtk3-3.24.41-2.oe2403.src as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"gtk3-3.24.30-11.oe2203sp4.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:gtk3-3.24.30-11.oe2203sp4.src", + "name":"gtk3-3.24.30-11.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"gtk3-3.24.30-11.oe2203sp3.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:gtk3-3.24.30-11.oe2203sp3.src", + "name":"gtk3-3.24.30-11.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"gtk3-3.24.21-6.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:gtk3-3.24.21-6.oe2003sp4.x86_64", + "name":"gtk3-3.24.21-6.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"gtk3-debuginfo-3.24.21-6.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:gtk3-debuginfo-3.24.21-6.oe2003sp4.x86_64", + "name":"gtk3-debuginfo-3.24.21-6.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"gtk3-debugsource-3.24.21-6.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:gtk3-debugsource-3.24.21-6.oe2003sp4.x86_64", + "name":"gtk3-debugsource-3.24.21-6.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"gtk3-devel-3.24.21-6.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:gtk3-devel-3.24.21-6.oe2003sp4.x86_64", + "name":"gtk3-devel-3.24.21-6.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"gtk3-help-3.24.21-6.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:gtk3-help-3.24.21-6.oe2003sp4.x86_64", + "name":"gtk3-help-3.24.21-6.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"gtk3-immodule-xim-3.24.21-6.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:gtk3-immodule-xim-3.24.21-6.oe2003sp4.x86_64", + "name":"gtk3-immodule-xim-3.24.21-6.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"gtk-update-icon-cache-3.24.30-11.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:gtk-update-icon-cache-3.24.30-11.oe2203sp1.x86_64", + "name":"gtk-update-icon-cache-3.24.30-11.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + 
"product_reference":"gtk3-3.24.30-11.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:gtk3-3.24.30-11.oe2203sp1.x86_64", + "name":"gtk3-3.24.30-11.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"gtk3-debuginfo-3.24.30-11.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:gtk3-debuginfo-3.24.30-11.oe2203sp1.x86_64", + "name":"gtk3-debuginfo-3.24.30-11.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"gtk3-debugsource-3.24.30-11.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:gtk3-debugsource-3.24.30-11.oe2203sp1.x86_64", + "name":"gtk3-debugsource-3.24.30-11.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"gtk3-devel-3.24.30-11.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:gtk3-devel-3.24.30-11.oe2203sp1.x86_64", + "name":"gtk3-devel-3.24.30-11.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"gtk3-help-3.24.30-11.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:gtk3-help-3.24.30-11.oe2203sp1.x86_64", + "name":"gtk3-help-3.24.30-11.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"gtk3-immodule-xim-3.24.30-11.oe2203sp1.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP1:gtk3-immodule-xim-3.24.30-11.oe2203sp1.x86_64", + "name":"gtk3-immodule-xim-3.24.30-11.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"gtk-update-icon-cache-3.24.41-2.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:gtk-update-icon-cache-3.24.41-2.oe2403.x86_64", + "name":"gtk-update-icon-cache-3.24.41-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"gtk3-3.24.41-2.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:gtk3-3.24.41-2.oe2403.x86_64", + "name":"gtk3-3.24.41-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"gtk3-debuginfo-3.24.41-2.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:gtk3-debuginfo-3.24.41-2.oe2403.x86_64", + "name":"gtk3-debuginfo-3.24.41-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"gtk3-debugsource-3.24.41-2.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:gtk3-debugsource-3.24.41-2.oe2403.x86_64", + "name":"gtk3-debugsource-3.24.41-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"gtk3-devel-3.24.41-2.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:gtk3-devel-3.24.41-2.oe2403.x86_64", + "name":"gtk3-devel-3.24.41-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + 
"category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"gtk3-help-3.24.41-2.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:gtk3-help-3.24.41-2.oe2403.x86_64", + "name":"gtk3-help-3.24.41-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"gtk3-immodule-xim-3.24.41-2.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:gtk3-immodule-xim-3.24.41-2.oe2403.x86_64", + "name":"gtk3-immodule-xim-3.24.41-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"gtk-update-icon-cache-3.24.30-11.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:gtk-update-icon-cache-3.24.30-11.oe2203sp4.x86_64", + "name":"gtk-update-icon-cache-3.24.30-11.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"gtk3-3.24.30-11.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:gtk3-3.24.30-11.oe2203sp4.x86_64", + "name":"gtk3-3.24.30-11.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"gtk3-debuginfo-3.24.30-11.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:gtk3-debuginfo-3.24.30-11.oe2203sp4.x86_64", + "name":"gtk3-debuginfo-3.24.30-11.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + 
"product_reference":"gtk3-debugsource-3.24.30-11.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:gtk3-debugsource-3.24.30-11.oe2203sp4.x86_64", + "name":"gtk3-debugsource-3.24.30-11.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"gtk3-devel-3.24.30-11.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:gtk3-devel-3.24.30-11.oe2203sp4.x86_64", + "name":"gtk3-devel-3.24.30-11.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"gtk3-help-3.24.30-11.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:gtk3-help-3.24.30-11.oe2203sp4.x86_64", + "name":"gtk3-help-3.24.30-11.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"gtk3-immodule-xim-3.24.30-11.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:gtk3-immodule-xim-3.24.30-11.oe2203sp4.x86_64", + "name":"gtk3-immodule-xim-3.24.30-11.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"gtk-update-icon-cache-3.24.30-11.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:gtk-update-icon-cache-3.24.30-11.oe2203sp3.x86_64", + "name":"gtk-update-icon-cache-3.24.30-11.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + 
"product_reference":"gtk3-3.24.30-11.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:gtk3-3.24.30-11.oe2203sp3.x86_64", + "name":"gtk3-3.24.30-11.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"gtk3-debuginfo-3.24.30-11.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:gtk3-debuginfo-3.24.30-11.oe2203sp3.x86_64", + "name":"gtk3-debuginfo-3.24.30-11.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"gtk3-debugsource-3.24.30-11.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:gtk3-debugsource-3.24.30-11.oe2203sp3.x86_64", + "name":"gtk3-debugsource-3.24.30-11.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"gtk3-devel-3.24.30-11.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:gtk3-devel-3.24.30-11.oe2203sp3.x86_64", + "name":"gtk3-devel-3.24.30-11.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"gtk3-help-3.24.30-11.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:gtk3-help-3.24.30-11.oe2203sp3.x86_64", + "name":"gtk3-help-3.24.30-11.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"gtk3-immodule-xim-3.24.30-11.oe2203sp3.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP3:gtk3-immodule-xim-3.24.30-11.oe2203sp3.x86_64", + "name":"gtk3-immodule-xim-3.24.30-11.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"gtk3-3.24.21-6.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:gtk3-3.24.21-6.oe2003sp4.aarch64", + "name":"gtk3-3.24.21-6.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"gtk3-debuginfo-3.24.21-6.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:gtk3-debuginfo-3.24.21-6.oe2003sp4.aarch64", + "name":"gtk3-debuginfo-3.24.21-6.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"gtk3-debugsource-3.24.21-6.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:gtk3-debugsource-3.24.21-6.oe2003sp4.aarch64", + "name":"gtk3-debugsource-3.24.21-6.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"gtk3-devel-3.24.21-6.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:gtk3-devel-3.24.21-6.oe2003sp4.aarch64", + "name":"gtk3-devel-3.24.21-6.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"gtk3-help-3.24.21-6.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:gtk3-help-3.24.21-6.oe2003sp4.aarch64", + 
"name":"gtk3-help-3.24.21-6.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"gtk3-immodule-xim-3.24.21-6.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:gtk3-immodule-xim-3.24.21-6.oe2003sp4.aarch64", + "name":"gtk3-immodule-xim-3.24.21-6.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"gtk-update-icon-cache-3.24.30-11.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:gtk-update-icon-cache-3.24.30-11.oe2203sp1.aarch64", + "name":"gtk-update-icon-cache-3.24.30-11.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"gtk3-3.24.30-11.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:gtk3-3.24.30-11.oe2203sp1.aarch64", + "name":"gtk3-3.24.30-11.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"gtk3-debuginfo-3.24.30-11.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:gtk3-debuginfo-3.24.30-11.oe2203sp1.aarch64", + "name":"gtk3-debuginfo-3.24.30-11.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"gtk3-debugsource-3.24.30-11.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:gtk3-debugsource-3.24.30-11.oe2203sp1.aarch64", + "name":"gtk3-debugsource-3.24.30-11.oe2203sp1.aarch64 
as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"gtk3-devel-3.24.30-11.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:gtk3-devel-3.24.30-11.oe2203sp1.aarch64", + "name":"gtk3-devel-3.24.30-11.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"gtk3-help-3.24.30-11.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:gtk3-help-3.24.30-11.oe2203sp1.aarch64", + "name":"gtk3-help-3.24.30-11.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"gtk3-immodule-xim-3.24.30-11.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:gtk3-immodule-xim-3.24.30-11.oe2203sp1.aarch64", + "name":"gtk3-immodule-xim-3.24.30-11.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"gtk-update-icon-cache-3.24.41-2.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:gtk-update-icon-cache-3.24.41-2.oe2403.aarch64", + "name":"gtk-update-icon-cache-3.24.41-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"gtk3-3.24.41-2.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:gtk3-3.24.41-2.oe2403.aarch64", + "name":"gtk3-3.24.41-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"gtk3-debuginfo-3.24.41-2.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:gtk3-debuginfo-3.24.41-2.oe2403.aarch64", + "name":"gtk3-debuginfo-3.24.41-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"gtk3-debugsource-3.24.41-2.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:gtk3-debugsource-3.24.41-2.oe2403.aarch64", + "name":"gtk3-debugsource-3.24.41-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"gtk3-devel-3.24.41-2.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:gtk3-devel-3.24.41-2.oe2403.aarch64", + "name":"gtk3-devel-3.24.41-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"gtk3-help-3.24.41-2.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:gtk3-help-3.24.41-2.oe2403.aarch64", + "name":"gtk3-help-3.24.41-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"gtk3-immodule-xim-3.24.41-2.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:gtk3-immodule-xim-3.24.41-2.oe2403.aarch64", + "name":"gtk3-immodule-xim-3.24.41-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"gtk-update-icon-cache-3.24.30-11.oe2203sp4.aarch64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP4:gtk-update-icon-cache-3.24.30-11.oe2203sp4.aarch64", + "name":"gtk-update-icon-cache-3.24.30-11.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"gtk3-3.24.30-11.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:gtk3-3.24.30-11.oe2203sp4.aarch64", + "name":"gtk3-3.24.30-11.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"gtk3-debuginfo-3.24.30-11.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:gtk3-debuginfo-3.24.30-11.oe2203sp4.aarch64", + "name":"gtk3-debuginfo-3.24.30-11.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"gtk3-debugsource-3.24.30-11.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:gtk3-debugsource-3.24.30-11.oe2203sp4.aarch64", + "name":"gtk3-debugsource-3.24.30-11.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"gtk3-devel-3.24.30-11.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:gtk3-devel-3.24.30-11.oe2203sp4.aarch64", + "name":"gtk3-devel-3.24.30-11.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"gtk3-help-3.24.30-11.oe2203sp4.aarch64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP4:gtk3-help-3.24.30-11.oe2203sp4.aarch64", + "name":"gtk3-help-3.24.30-11.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"gtk3-immodule-xim-3.24.30-11.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:gtk3-immodule-xim-3.24.30-11.oe2203sp4.aarch64", + "name":"gtk3-immodule-xim-3.24.30-11.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"gtk-update-icon-cache-3.24.30-11.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:gtk-update-icon-cache-3.24.30-11.oe2203sp3.aarch64", + "name":"gtk-update-icon-cache-3.24.30-11.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"gtk3-3.24.30-11.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:gtk3-3.24.30-11.oe2203sp3.aarch64", + "name":"gtk3-3.24.30-11.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"gtk3-debuginfo-3.24.30-11.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:gtk3-debuginfo-3.24.30-11.oe2203sp3.aarch64", + "name":"gtk3-debuginfo-3.24.30-11.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"gtk3-debugsource-3.24.30-11.oe2203sp3.aarch64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP3:gtk3-debugsource-3.24.30-11.oe2203sp3.aarch64", + "name":"gtk3-debugsource-3.24.30-11.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"gtk3-devel-3.24.30-11.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:gtk3-devel-3.24.30-11.oe2203sp3.aarch64", + "name":"gtk3-devel-3.24.30-11.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"gtk3-help-3.24.30-11.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:gtk3-help-3.24.30-11.oe2203sp3.aarch64", + "name":"gtk3-help-3.24.30-11.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"gtk3-immodule-xim-3.24.30-11.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:gtk3-immodule-xim-3.24.30-11.oe2203sp3.aarch64", + "name":"gtk3-immodule-xim-3.24.30-11.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-6655", + "notes":[ + { + "text":"A flaw was found in the GTK library. 
Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:gtk3-3.24.21-6.oe2003sp4.src", + "openEuler-22.03-LTS-SP1:gtk3-3.24.30-11.oe2203sp1.src", + "openEuler-24.03-LTS:gtk3-3.24.41-2.oe2403.src", + "openEuler-22.03-LTS-SP4:gtk3-3.24.30-11.oe2203sp4.src", + "openEuler-22.03-LTS-SP3:gtk3-3.24.30-11.oe2203sp3.src", + "openEuler-20.03-LTS-SP4:gtk3-3.24.21-6.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:gtk3-debuginfo-3.24.21-6.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:gtk3-debugsource-3.24.21-6.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:gtk3-devel-3.24.21-6.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:gtk3-help-3.24.21-6.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:gtk3-immodule-xim-3.24.21-6.oe2003sp4.x86_64", + "openEuler-22.03-LTS-SP1:gtk-update-icon-cache-3.24.30-11.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk3-3.24.30-11.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk3-debuginfo-3.24.30-11.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk3-debugsource-3.24.30-11.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk3-devel-3.24.30-11.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk3-help-3.24.30-11.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk3-immodule-xim-3.24.30-11.oe2203sp1.x86_64", + "openEuler-24.03-LTS:gtk-update-icon-cache-3.24.41-2.oe2403.x86_64", + "openEuler-24.03-LTS:gtk3-3.24.41-2.oe2403.x86_64", + "openEuler-24.03-LTS:gtk3-debuginfo-3.24.41-2.oe2403.x86_64", + "openEuler-24.03-LTS:gtk3-debugsource-3.24.41-2.oe2403.x86_64", + "openEuler-24.03-LTS:gtk3-devel-3.24.41-2.oe2403.x86_64", + "openEuler-24.03-LTS:gtk3-help-3.24.41-2.oe2403.x86_64", + "openEuler-24.03-LTS:gtk3-immodule-xim-3.24.41-2.oe2403.x86_64", + "openEuler-22.03-LTS-SP4:gtk-update-icon-cache-3.24.30-11.oe2203sp4.x86_64", + 
"openEuler-22.03-LTS-SP4:gtk3-3.24.30-11.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk3-debuginfo-3.24.30-11.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk3-debugsource-3.24.30-11.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk3-devel-3.24.30-11.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk3-help-3.24.30-11.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk3-immodule-xim-3.24.30-11.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP3:gtk-update-icon-cache-3.24.30-11.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk3-3.24.30-11.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk3-debuginfo-3.24.30-11.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk3-debugsource-3.24.30-11.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk3-devel-3.24.30-11.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk3-help-3.24.30-11.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk3-immodule-xim-3.24.30-11.oe2203sp3.x86_64", + "openEuler-20.03-LTS-SP4:gtk3-3.24.21-6.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk3-debuginfo-3.24.21-6.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk3-debugsource-3.24.21-6.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk3-devel-3.24.21-6.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk3-help-3.24.21-6.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk3-immodule-xim-3.24.21-6.oe2003sp4.aarch64", + "openEuler-22.03-LTS-SP1:gtk-update-icon-cache-3.24.30-11.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk3-3.24.30-11.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk3-debuginfo-3.24.30-11.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk3-debugsource-3.24.30-11.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk3-devel-3.24.30-11.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk3-help-3.24.30-11.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk3-immodule-xim-3.24.30-11.oe2203sp1.aarch64", + "openEuler-24.03-LTS:gtk-update-icon-cache-3.24.41-2.oe2403.aarch64", + "openEuler-24.03-LTS:gtk3-3.24.41-2.oe2403.aarch64", + 
"openEuler-24.03-LTS:gtk3-debuginfo-3.24.41-2.oe2403.aarch64", + "openEuler-24.03-LTS:gtk3-debugsource-3.24.41-2.oe2403.aarch64", + "openEuler-24.03-LTS:gtk3-devel-3.24.41-2.oe2403.aarch64", + "openEuler-24.03-LTS:gtk3-help-3.24.41-2.oe2403.aarch64", + "openEuler-24.03-LTS:gtk3-immodule-xim-3.24.41-2.oe2403.aarch64", + "openEuler-22.03-LTS-SP4:gtk-update-icon-cache-3.24.30-11.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk3-3.24.30-11.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk3-debuginfo-3.24.30-11.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk3-debugsource-3.24.30-11.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk3-devel-3.24.30-11.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk3-help-3.24.30-11.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk3-immodule-xim-3.24.30-11.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP3:gtk-update-icon-cache-3.24.30-11.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk3-3.24.30-11.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk3-debuginfo-3.24.30-11.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk3-debugsource-3.24.30-11.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk3-devel-3.24.30-11.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk3-help-3.24.30-11.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk3-immodule-xim-3.24.30-11.oe2203sp3.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:gtk3-3.24.21-6.oe2003sp4.src", + "openEuler-22.03-LTS-SP1:gtk3-3.24.30-11.oe2203sp1.src", + "openEuler-24.03-LTS:gtk3-3.24.41-2.oe2403.src", + "openEuler-22.03-LTS-SP4:gtk3-3.24.30-11.oe2203sp4.src", + "openEuler-22.03-LTS-SP3:gtk3-3.24.30-11.oe2203sp3.src", + "openEuler-20.03-LTS-SP4:gtk3-3.24.21-6.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:gtk3-debuginfo-3.24.21-6.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:gtk3-debugsource-3.24.21-6.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:gtk3-devel-3.24.21-6.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:gtk3-help-3.24.21-6.oe2003sp4.x86_64", 
+ "openEuler-20.03-LTS-SP4:gtk3-immodule-xim-3.24.21-6.oe2003sp4.x86_64", + "openEuler-22.03-LTS-SP1:gtk-update-icon-cache-3.24.30-11.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk3-3.24.30-11.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk3-debuginfo-3.24.30-11.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk3-debugsource-3.24.30-11.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk3-devel-3.24.30-11.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk3-help-3.24.30-11.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk3-immodule-xim-3.24.30-11.oe2203sp1.x86_64", + "openEuler-24.03-LTS:gtk-update-icon-cache-3.24.41-2.oe2403.x86_64", + "openEuler-24.03-LTS:gtk3-3.24.41-2.oe2403.x86_64", + "openEuler-24.03-LTS:gtk3-debuginfo-3.24.41-2.oe2403.x86_64", + "openEuler-24.03-LTS:gtk3-debugsource-3.24.41-2.oe2403.x86_64", + "openEuler-24.03-LTS:gtk3-devel-3.24.41-2.oe2403.x86_64", + "openEuler-24.03-LTS:gtk3-help-3.24.41-2.oe2403.x86_64", + "openEuler-24.03-LTS:gtk3-immodule-xim-3.24.41-2.oe2403.x86_64", + "openEuler-22.03-LTS-SP4:gtk-update-icon-cache-3.24.30-11.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk3-3.24.30-11.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk3-debuginfo-3.24.30-11.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk3-debugsource-3.24.30-11.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk3-devel-3.24.30-11.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk3-help-3.24.30-11.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk3-immodule-xim-3.24.30-11.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP3:gtk-update-icon-cache-3.24.30-11.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk3-3.24.30-11.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk3-debuginfo-3.24.30-11.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk3-debugsource-3.24.30-11.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk3-devel-3.24.30-11.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk3-help-3.24.30-11.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:gtk3-immodule-xim-3.24.30-11.oe2203sp3.x86_64", + "openEuler-20.03-LTS-SP4:gtk3-3.24.21-6.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk3-debuginfo-3.24.21-6.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk3-debugsource-3.24.21-6.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk3-devel-3.24.21-6.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk3-help-3.24.21-6.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk3-immodule-xim-3.24.21-6.oe2003sp4.aarch64", + "openEuler-22.03-LTS-SP1:gtk-update-icon-cache-3.24.30-11.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk3-3.24.30-11.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk3-debuginfo-3.24.30-11.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk3-debugsource-3.24.30-11.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk3-devel-3.24.30-11.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk3-help-3.24.30-11.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk3-immodule-xim-3.24.30-11.oe2203sp1.aarch64", + "openEuler-24.03-LTS:gtk-update-icon-cache-3.24.41-2.oe2403.aarch64", + "openEuler-24.03-LTS:gtk3-3.24.41-2.oe2403.aarch64", + "openEuler-24.03-LTS:gtk3-debuginfo-3.24.41-2.oe2403.aarch64", + "openEuler-24.03-LTS:gtk3-debugsource-3.24.41-2.oe2403.aarch64", + "openEuler-24.03-LTS:gtk3-devel-3.24.41-2.oe2403.aarch64", + "openEuler-24.03-LTS:gtk3-help-3.24.41-2.oe2403.aarch64", + "openEuler-24.03-LTS:gtk3-immodule-xim-3.24.41-2.oe2403.aarch64", + "openEuler-22.03-LTS-SP4:gtk-update-icon-cache-3.24.30-11.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk3-3.24.30-11.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk3-debuginfo-3.24.30-11.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk3-debugsource-3.24.30-11.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk3-devel-3.24.30-11.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk3-help-3.24.30-11.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk3-immodule-xim-3.24.30-11.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP3:gtk-update-icon-cache-3.24.30-11.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk3-3.24.30-11.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk3-debuginfo-3.24.30-11.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk3-debugsource-3.24.30-11.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk3-devel-3.24.30-11.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk3-help-3.24.30-11.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk3-immodule-xim-3.24.30-11.oe2203sp3.aarch64" + ], + "details":"gtk3 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1892" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.0, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:gtk3-3.24.21-6.oe2003sp4.src", + "openEuler-22.03-LTS-SP1:gtk3-3.24.30-11.oe2203sp1.src", + "openEuler-24.03-LTS:gtk3-3.24.41-2.oe2403.src", + "openEuler-22.03-LTS-SP4:gtk3-3.24.30-11.oe2203sp4.src", + "openEuler-22.03-LTS-SP3:gtk3-3.24.30-11.oe2203sp3.src", + "openEuler-20.03-LTS-SP4:gtk3-3.24.21-6.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:gtk3-debuginfo-3.24.21-6.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:gtk3-debugsource-3.24.21-6.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:gtk3-devel-3.24.21-6.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:gtk3-help-3.24.21-6.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:gtk3-immodule-xim-3.24.21-6.oe2003sp4.x86_64", + "openEuler-22.03-LTS-SP1:gtk-update-icon-cache-3.24.30-11.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk3-3.24.30-11.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk3-debuginfo-3.24.30-11.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk3-debugsource-3.24.30-11.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk3-devel-3.24.30-11.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:gtk3-help-3.24.30-11.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:gtk3-immodule-xim-3.24.30-11.oe2203sp1.x86_64", + "openEuler-24.03-LTS:gtk-update-icon-cache-3.24.41-2.oe2403.x86_64", + "openEuler-24.03-LTS:gtk3-3.24.41-2.oe2403.x86_64", + "openEuler-24.03-LTS:gtk3-debuginfo-3.24.41-2.oe2403.x86_64", + "openEuler-24.03-LTS:gtk3-debugsource-3.24.41-2.oe2403.x86_64", + "openEuler-24.03-LTS:gtk3-devel-3.24.41-2.oe2403.x86_64", + "openEuler-24.03-LTS:gtk3-help-3.24.41-2.oe2403.x86_64", + "openEuler-24.03-LTS:gtk3-immodule-xim-3.24.41-2.oe2403.x86_64", + "openEuler-22.03-LTS-SP4:gtk-update-icon-cache-3.24.30-11.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk3-3.24.30-11.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk3-debuginfo-3.24.30-11.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk3-debugsource-3.24.30-11.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk3-devel-3.24.30-11.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk3-help-3.24.30-11.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:gtk3-immodule-xim-3.24.30-11.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP3:gtk-update-icon-cache-3.24.30-11.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk3-3.24.30-11.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk3-debuginfo-3.24.30-11.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk3-debugsource-3.24.30-11.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk3-devel-3.24.30-11.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk3-help-3.24.30-11.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:gtk3-immodule-xim-3.24.30-11.oe2203sp3.x86_64", + "openEuler-20.03-LTS-SP4:gtk3-3.24.21-6.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk3-debuginfo-3.24.21-6.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk3-debugsource-3.24.21-6.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk3-devel-3.24.21-6.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk3-help-3.24.21-6.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:gtk3-immodule-xim-3.24.21-6.oe2003sp4.aarch64", + 
"openEuler-22.03-LTS-SP1:gtk-update-icon-cache-3.24.30-11.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk3-3.24.30-11.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk3-debuginfo-3.24.30-11.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk3-debugsource-3.24.30-11.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk3-devel-3.24.30-11.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk3-help-3.24.30-11.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:gtk3-immodule-xim-3.24.30-11.oe2203sp1.aarch64", + "openEuler-24.03-LTS:gtk-update-icon-cache-3.24.41-2.oe2403.aarch64", + "openEuler-24.03-LTS:gtk3-3.24.41-2.oe2403.aarch64", + "openEuler-24.03-LTS:gtk3-debuginfo-3.24.41-2.oe2403.aarch64", + "openEuler-24.03-LTS:gtk3-debugsource-3.24.41-2.oe2403.aarch64", + "openEuler-24.03-LTS:gtk3-devel-3.24.41-2.oe2403.aarch64", + "openEuler-24.03-LTS:gtk3-help-3.24.41-2.oe2403.aarch64", + "openEuler-24.03-LTS:gtk3-immodule-xim-3.24.41-2.oe2403.aarch64", + "openEuler-22.03-LTS-SP4:gtk-update-icon-cache-3.24.30-11.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk3-3.24.30-11.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk3-debuginfo-3.24.30-11.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk3-debugsource-3.24.30-11.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk3-devel-3.24.30-11.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk3-help-3.24.30-11.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:gtk3-immodule-xim-3.24.30-11.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP3:gtk-update-icon-cache-3.24.30-11.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk3-3.24.30-11.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk3-debuginfo-3.24.30-11.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk3-debugsource-3.24.30-11.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk3-devel-3.24.30-11.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk3-help-3.24.30-11.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:gtk3-immodule-xim-3.24.30-11.oe2203sp3.aarch64" + ] + } + ], + "threats":[ + { + 
"details":"High", + "category":"impact" + } + ], + "title":"CVE-2024-6655" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1893.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1893.json new file mode 100644 index 0000000..09364ac --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1893.json 
@@ -0,0 +1,450 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"firefox security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for firefox is now available for openEuler-20.03-LTS-SP4", + "category":"general", + "title":"Summary" + }, + { + "text":"Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.\n\nSecurity Fix(es):\n\nInstruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.(CVE-2021-29984)\n\nFirefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.(CVE-2021-29988)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for firefox is now available for openEuler-20.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"firefox", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1893", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1893" + }, + { + "summary":"CVE-2021-29984", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-29984&packageName=firefox" + }, + { + "summary":"CVE-2021-29988", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-29988&packageName=firefox" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29984" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29988" + }, + { + "summary":"openEuler-SA-2024-1893 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1893.json" + } + ], + "title":"An update for firefox is now available for openEuler-20.03-LTS-SP4", + "tracking":{ + "initial_release_date":"2024-07-26T20:58:38+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:58:38+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:58:38+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-26T20:58:38+08:00", + "id":"openEuler-SA-2024-1893", + 
"version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"openEuler-20.03-LTS-SP4", + "name":"openEuler-20.03-LTS-SP4" + }, + "name":"openEuler-20.03-LTS-SP4", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"firefox-79.0-28.oe2003sp4.aarch64.rpm", + "name":"firefox-79.0-28.oe2003sp4.aarch64.rpm" + }, + "name":"firefox-79.0-28.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"firefox-debuginfo-79.0-28.oe2003sp4.aarch64.rpm", + "name":"firefox-debuginfo-79.0-28.oe2003sp4.aarch64.rpm" + }, + "name":"firefox-debuginfo-79.0-28.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"firefox-debugsource-79.0-28.oe2003sp4.aarch64.rpm", + "name":"firefox-debugsource-79.0-28.oe2003sp4.aarch64.rpm" + }, + "name":"firefox-debugsource-79.0-28.oe2003sp4.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"firefox-79.0-28.oe2003sp4.src.rpm", + "name":"firefox-79.0-28.oe2003sp4.src.rpm" + }, + "name":"firefox-79.0-28.oe2003sp4.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + 
"product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"firefox-79.0-28.oe2003sp4.x86_64.rpm", + "name":"firefox-79.0-28.oe2003sp4.x86_64.rpm" + }, + "name":"firefox-79.0-28.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"firefox-debuginfo-79.0-28.oe2003sp4.x86_64.rpm", + "name":"firefox-debuginfo-79.0-28.oe2003sp4.x86_64.rpm" + }, + "name":"firefox-debuginfo-79.0-28.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"firefox-debugsource-79.0-28.oe2003sp4.x86_64.rpm", + "name":"firefox-debugsource-79.0-28.oe2003sp4.x86_64.rpm" + }, + "name":"firefox-debugsource-79.0-28.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"mozilla-crashreporter-firefox-debuginfo-79.0-28.oe2003sp4.x86_64.rpm", + "name":"mozilla-crashreporter-firefox-debuginfo-79.0-28.oe2003sp4.x86_64.rpm" + }, + "name":"mozilla-crashreporter-firefox-debuginfo-79.0-28.oe2003sp4.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"firefox-79.0-28.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:firefox-79.0-28.oe2003sp4.aarch64", + "name":"firefox-79.0-28.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"firefox-debuginfo-79.0-28.oe2003sp4.aarch64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-28.oe2003sp4.aarch64", + "name":"firefox-debuginfo-79.0-28.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"firefox-debugsource-79.0-28.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-28.oe2003sp4.aarch64", + "name":"firefox-debugsource-79.0-28.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"firefox-79.0-28.oe2003sp4.src.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:firefox-79.0-28.oe2003sp4.src", + "name":"firefox-79.0-28.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"firefox-79.0-28.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:firefox-79.0-28.oe2003sp4.x86_64", + "name":"firefox-79.0-28.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"firefox-debuginfo-79.0-28.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-28.oe2003sp4.x86_64", + "name":"firefox-debuginfo-79.0-28.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"firefox-debugsource-79.0-28.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-28.oe2003sp4.x86_64", + 
"name":"firefox-debugsource-79.0-28.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"mozilla-crashreporter-firefox-debuginfo-79.0-28.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:mozilla-crashreporter-firefox-debuginfo-79.0-28.oe2003sp4.x86_64", + "name":"mozilla-crashreporter-firefox-debuginfo-79.0-28.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2021-29984", + "notes":[ + { + "text":"Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:firefox-79.0-28.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-28.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-28.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:firefox-79.0-28.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:firefox-79.0-28.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-28.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-28.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:mozilla-crashreporter-firefox-debuginfo-79.0-28.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:firefox-79.0-28.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-28.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-28.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:firefox-79.0-28.oe2003sp4.src", 
+ "openEuler-20.03-LTS-SP4:firefox-79.0-28.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-28.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-28.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:mozilla-crashreporter-firefox-debuginfo-79.0-28.oe2003sp4.x86_64" + ], + "details":"firefox security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1893" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":8.8, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:firefox-79.0-28.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-28.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-28.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:firefox-79.0-28.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:firefox-79.0-28.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-28.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-28.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:mozilla-crashreporter-firefox-debuginfo-79.0-28.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2021-29984" + }, + { + "cve":"CVE-2021-29988", + "notes":[ + { + "text":"Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. 
This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:firefox-79.0-28.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-28.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-28.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:firefox-79.0-28.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:firefox-79.0-28.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-28.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-28.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:mozilla-crashreporter-firefox-debuginfo-79.0-28.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:firefox-79.0-28.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-28.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-28.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:firefox-79.0-28.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:firefox-79.0-28.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-28.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-28.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:mozilla-crashreporter-firefox-debuginfo-79.0-28.oe2003sp4.x86_64" + ], + "details":"firefox security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1893" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":8.8, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:firefox-79.0-28.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-28.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-28.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:firefox-79.0-28.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:firefox-79.0-28.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-28.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-28.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:mozilla-crashreporter-firefox-debuginfo-79.0-28.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2021-29988" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1894.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1894.json new file mode 100644 index 0000000..bd7d250 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1894.json 
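Review bot: Every package entry under `product_tree` in csaf-openEuler-SA-2024-1893.json carries the distribution's own identifier, `"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"`, as its `product_identification_helper`, so the helper cannot distinguish `firefox-79.0-28.oe2003sp4.x86_64.rpm` from the OS or from any other package. This matters because `fixed` is asserted for a 79.0 build while the quoted description says the flaws affect Firefox < 91 (presumably a backport), and a consumer that matches on upstream version ranges needs an exact package identifier to apply the VEX statement. A package-level `purl` helper such as `"purl":"pkg:rpm/openeuler/firefox@79.0-28.oe2003sp4?arch=x86_64"` would provide one; that value is constructed from names in this file, so the namespace needs confirming. Separately, `"url":"https:/www.first.org/tlp/"` under `distribution.tlp` is missing a slash and should read `"url":"https://www.first.org/tlp/"`; the same value appears in the csaf-openEuler-SA-2024-1894.json hunk that follows. The file is tool-generated (`openEuler CSAF Tool V1.0`), so both fixes belong in the generator rather than in this file.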
@@ -0,0 +1,5471 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Critical" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"kernel security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for kernel is now available for openEuler-22.03-LTS-SP3", + "category":"general", + "title":"Summary" + }, + { + "text":"The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Don't overflow in peek()\n\nWhen we started spreading new inode numbers throughout most of the 64\nbit inode space, that triggered some corner case bugs, in particular\nsome integer overflows related to the radix tree code. Oops.(CVE-2021-47432)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: Fix a deadlock in the error handler\n\nThe following deadlock has been observed on a test setup:\n\n - All tags allocated\n\n - The SCSI error handler calls ufshcd_eh_host_reset_handler()\n\n - ufshcd_eh_host_reset_handler() queues work that calls\n ufshcd_err_handler()\n\n - ufshcd_err_handler() locks up as follows:\n\nWorkqueue: ufs_eh_wq_0 ufshcd_err_handler.cfi_jt\nCall trace:\n __switch_to+0x298/0x5d8\n __schedule+0x6cc/0xa94\n schedule+0x12c/0x298\n blk_mq_get_tag+0x210/0x480\n __blk_mq_alloc_request+0x1c8/0x284\n blk_get_request+0x74/0x134\n ufshcd_exec_dev_cmd+0x68/0x640\n ufshcd_verify_dev_init+0x68/0x35c\n ufshcd_probe_hba+0x12c/0x1cb8\n ufshcd_host_reset_and_restore+0x88/0x254\n ufshcd_reset_and_restore+0xd0/0x354\n ufshcd_err_handler+0x408/0xc58\n process_one_work+0x24c/0x66c\n worker_thread+0x3e8/0xa4c\n kthread+0x150/0x1b4\n ret_from_fork+0x10/0x30\n\nFix this lockup by making ufshcd_exec_dev_cmd() allocate a 
reserved\nrequest.(CVE-2021-47622)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: seville: register the mdiobus under devres\n\nAs explained in commits:\n74b6d7d13307 (\"net: dsa: realtek: register the MDIO bus under devres\")\n5135e96a3dd2 (\"net: dsa: don't allocate the slave_mii_bus using devres\")\n\nmdiobus_free() will panic when called from devm_mdiobus_free() <-\ndevres_release_all() <- __device_release_driver(), and that mdiobus was\nnot previously unregistered.\n\nThe Seville VSC9959 switch is a platform device, so the initial set of\nconstraints that I thought would cause this (I2C or SPI buses which call\n->remove on ->shutdown) do not apply. But there is one more which\napplies here.\n\nIf the DSA master itself is on a bus that calls ->remove from ->shutdown\n(like dpaa2-eth, which is on the fsl-mc bus), there is a device link\nbetween the switch and the DSA master, and device_links_unbind_consumers()\nwill unbind the seville switch driver on shutdown.\n\nSo the same treatment must be applied to all DSA switch drivers, which\nis: either use devres for both the mdiobus allocation and registration,\nor don't use devres at all.\n\nThe seville driver has a code structure that could accommodate both the\nmdiobus_unregister and mdiobus_free calls, but it has an external\ndependency upon mscc_miim_setup() from mdio-mscc-miim.c, which calls\ndevm_mdiobus_alloc_size() on its behalf. 
So rather than restructuring\nthat, and exporting yet one more symbol mscc_miim_teardown(), let's work\nwith devres and replace of_mdiobus_register with the devres variant.\nWhen we use all-devres, we can ensure that devres doesn't free a\nstill-registered bus (it either runs both callbacks, or none).(CVE-2022-48814)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: lock against ->sock changing during sysfs read\n\n->sock can be set to NULL asynchronously unless ->recv_mutex is held.\nSo it is important to hold that mutex. Otherwise a sysfs read can\ntrigger an oops.\nCommit 17f09d3f619a (\"SUNRPC: Check if the xprt is connected before\nhandling sysfs reads\") appears to attempt to fix this problem, but it\nonly narrows the race window.(CVE-2022-48816)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: Fix leaking sent_cmd skb\n\nsent_cmd memory is not freed before freeing hci_dev causing it to leak\nit contents.(CVE-2022-48844)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential deadlock when releasing mids\n\nAll release_mid() callers seem to hold a reference of @mid so there is\nno need to call kref_put(&mid->refcount, __release_mid) under\n@server->mid_lock spinlock. 
If they don't, then an use-after-free bug\nwould have occurred anyways.\n\nBy getting rid of such spinlock also fixes a potential deadlock as\nshown below\n\nCPU 0 CPU 1\n------------------------------------------------------------------\ncifs_demultiplex_thread() cifs_debug_data_proc_show()\n release_mid()\n spin_lock(&server->mid_lock);\n spin_lock(&cifs_tcp_ses_lock)\n\t\t\t\t spin_lock(&server->mid_lock)\n __release_mid()\n smb2_find_smb_tcon()\n spin_lock(&cifs_tcp_ses_lock) *deadlock*(CVE-2023-52757)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nusb: config: fix iteration issue in 'usb_get_bos_descriptor()'\n\nThe BOS descriptor defines a root descriptor and is the base descriptor for\naccessing a family of related descriptors.\n\nFunction 'usb_get_bos_descriptor()' encounters an iteration issue when\nskipping the 'USB_DT_DEVICE_CAPABILITY' descriptor type. This results in\nthe same descriptor being read repeatedly.\n\nTo address this issue, a 'goto' statement is introduced to ensure that the\npointer and the amount read is updated correctly. This ensures that the\nfunction iterates to the next descriptor instead of reading the same\ndescriptor repeatedly.(CVE-2023-52781)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nkeys: Fix overwrite of key expiration on instantiation\n\nThe expiry time of a key is unconditionally overwritten during\ninstantiation, defaulting to turn it permanent. This causes a problem\nfor DNS resolution as the expiration set by user-space is overwritten to\nTIME64_MAX, disabling further DNS updates. 
Fix this by restoring the\ncondition that key_set_expiry is only called when the pre-parser sets a\nspecific expiry.(CVE-2024-36031)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Handle error of rpc_proc_register() in nfs_net_init().\n\nsyzkaller reported a warning [0] triggered while destroying immature\nnetns.\n\nrpc_proc_register() was called in init_nfs_fs(), but its error\nhas been ignored since at least the initial commit 1da177e4c3f4\n(\"Linux-2.6.12-rc2\").\n\nRecently, commit d47151b79e32 (\"nfs: expose /proc/net/sunrpc/nfs\nin net namespaces\") converted the procfs to per-netns and made\nthe problem more visible.\n\nEven when rpc_proc_register() fails, nfs_net_init() could succeed,\nand thus nfs_net_exit() will be called while destroying the netns.\n\nThen, remove_proc_entry() will be called for non-existing proc\ndirectory and trigger the warning below.\n\nLet's handle the error of rpc_proc_register() properly in nfs_net_init().\n\n[0]:\nname 'nfs'\nWARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nModules linked in:\nCPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nCode: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff <0f> 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb\nRSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c\nRDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc\nR13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8\nFS: 
00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \n rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310\n nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438\n ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170\n setup_net+0x46c/0x660 net/core/net_namespace.c:372\n copy_net_ns+0x244/0x590 net/core/net_namespace.c:505\n create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228\n ksys_unshare+0x342/0x760 kernel/fork.c:3322\n __do_sys_unshare kernel/fork.c:3393 [inline]\n __se_sys_unshare kernel/fork.c:3391 [inline]\n __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\nRIP: 0033:0x7f30d0febe5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110\nRAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600\nRBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002\nR13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000\n (CVE-2024-36939)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedf: Ensure the copied buf is NUL terminated\n\nCurrently, we allocate a count-sized kernel buffer and copy count from\nuserspace to that buffer. 
Later, we use kstrtouint on this buffer but we\ndon't ensure that the string is terminated inside the buffer, this can\nlead to OOB read when using kstrtouint. Fix this issue by using\nmemdup_user_nul instead of memdup_user.(CVE-2024-38559)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/perf: hisi: hns3: Fix out-of-bound access when valid event group\n\nThe perf tool allows users to create event groups through following\ncmd [1], but the driver does not check whether the array index is out\nof bounds when writing data to the event_group array. If the number of\nevents in an event_group is greater than HNS3_PMU_MAX_HW_EVENTS, the\nmemory write overflow of event_group array occurs.\n\nAdd array index check to fix the possible array out of bounds violation,\nand return directly when write new events are written to array bounds.\n\nThere are 9 different events in an event_group.\n[1] perf stat -e '{pmu/event1/, ... ,pmu/event9/}(CVE-2024-38568)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\necryptfs: Fix buffer size for tag 66 packet\n\nThe 'TAG 66 Packet Format' description is missing the cipher code and\nchecksum fields that are packed into the message packet. As a result,\nthe buffer allocated for the packet is 3 bytes too small and\nwrite_tag_66_packet() will write up to 3 bytes past the end of the\nbuffer.\n\nFix this by increasing the size of the allocation so the whole packet\nwill always fit in the buffer.\n\nThis fixes the below kasan slab-out-of-bounds bug:\n\n BUG: KASAN: slab-out-of-bounds in ecryptfs_generate_key_packet_set+0x7d6/0xde0\n Write of size 1 at addr ffff88800afbb2a5 by task touch/181\n\n CPU: 0 PID: 181 Comm: touch Not tainted 6.6.13-gnu #1 4c9534092be820851bb687b82d1f92a426598dc6\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2/GNU Guix 04/01/2014\n Call Trace:\n \n dump_stack_lvl+0x4c/0x70\n print_report+0xc5/0x610\n ? 
ecryptfs_generate_key_packet_set+0x7d6/0xde0\n ? kasan_complete_mode_report_info+0x44/0x210\n ? ecryptfs_generate_key_packet_set+0x7d6/0xde0\n kasan_report+0xc2/0x110\n ? ecryptfs_generate_key_packet_set+0x7d6/0xde0\n __asan_store1+0x62/0x80\n ecryptfs_generate_key_packet_set+0x7d6/0xde0\n ? __pfx_ecryptfs_generate_key_packet_set+0x10/0x10\n ? __alloc_pages+0x2e2/0x540\n ? __pfx_ovl_open+0x10/0x10 [overlay 30837f11141636a8e1793533a02e6e2e885dad1d]\n ? dentry_open+0x8f/0xd0\n ecryptfs_write_metadata+0x30a/0x550\n ? __pfx_ecryptfs_write_metadata+0x10/0x10\n ? ecryptfs_get_lower_file+0x6b/0x190\n ecryptfs_initialize_file+0x77/0x150\n ecryptfs_create+0x1c2/0x2f0\n path_openat+0x17cf/0x1ba0\n ? __pfx_path_openat+0x10/0x10\n do_filp_open+0x15e/0x290\n ? __pfx_do_filp_open+0x10/0x10\n ? __kasan_check_write+0x18/0x30\n ? _raw_spin_lock+0x86/0xf0\n ? __pfx__raw_spin_lock+0x10/0x10\n ? __kasan_check_write+0x18/0x30\n ? alloc_fd+0xf4/0x330\n do_sys_openat2+0x122/0x160\n ? __pfx_do_sys_openat2+0x10/0x10\n __x64_sys_openat+0xef/0x170\n ? 
__pfx___x64_sys_openat+0x10/0x10\n do_syscall_64+0x60/0xd0\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n RIP: 0033:0x7f00a703fd67\n Code: 25 00 00 41 00 3d 00 00 41 00 74 37 64 8b 04 25 18 00 00 00 85 c0 75 5b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 85 00 00 00 48 83 c4 68 5d 41 5c c3 0f 1f\n RSP: 002b:00007ffc088e30b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101\n RAX: ffffffffffffffda RBX: 00007ffc088e3368 RCX: 00007f00a703fd67\n RDX: 0000000000000941 RSI: 00007ffc088e48d7 RDI: 00000000ffffff9c\n RBP: 00007ffc088e48d7 R08: 0000000000000001 R09: 0000000000000000\n R10: 00000000000001b6 R11: 0000000000000246 R12: 0000000000000941\n R13: 0000000000000000 R14: 00007ffc088e48d7 R15: 00007f00a7180040\n \n\n Allocated by task 181:\n kasan_save_stack+0x2f/0x60\n kasan_set_track+0x29/0x40\n kasan_save_alloc_info+0x25/0x40\n __kasan_kmalloc+0xc5/0xd0\n __kmalloc+0x66/0x160\n ecryptfs_generate_key_packet_set+0x6d2/0xde0\n ecryptfs_write_metadata+0x30a/0x550\n ecryptfs_initialize_file+0x77/0x150\n ecryptfs_create+0x1c2/0x2f0\n path_openat+0x17cf/0x1ba0\n do_filp_open+0x15e/0x290\n do_sys_openat2+0x122/0x160\n __x64_sys_openat+0xef/0x170\n do_syscall_64+0x60/0xd0\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8(CVE-2024-38578)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: fix possible dead-lock in nr_rt_ioctl()\n\nsyzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]\n\nMake sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)\n\n[1]\nWARNING: possible circular locking dependency detected\n6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted\n------------------------------------------------------\nsyz-executor350/5129 is trying to acquire lock:\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]\n ffff8880186e2070 
(&nr_node->node_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n\nbut task is already holding lock:\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #1 (nr_node_list_lock){+...}-{2:2}:\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n nr_remove_node net/netrom/nr_route.c:299 [inline]\n nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355\n nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n-> #0 (&nr_node->node_lock){+...}-{2:2}:\n check_prev_add kernel/locking/lockdep.c:3134 [inline]\n check_prevs_add kernel/locking/lockdep.c:3253 [inline]\n validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869\n __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n nr_node_lock include/net/netrom.h:152 
[inline]\n nr_dec_obs net/netrom/nr_route.c:464 [inline]\n nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(nr_node_list_lock);\n lock(&nr_node->node_lock);\n lock(nr_node_list_lock);\n lock(&nr_node->node_lock);\n\n *** DEADLOCK ***\n\n1 lock held by syz-executor350/5129:\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n #0: ffffffff8f70\n---truncated---(CVE-2024-38589)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nALSA: timer: Set lower bound of start tick time\n\nCurrently ALSA timer doesn't have the lower limit of the start tick\ntime, and it allows a very small size, e.g. 1 tick with 1ns resolution\nfor hrtimer. 
Such a situation may lead to an unexpected RCU stall,\nwhere the callback repeatedly queuing the expire update, as reported\nby fuzzer.\n\nThis patch introduces a sanity check of the timer start tick time, so\nthat the system returns an error when a too small start size is set.\nAs of this patch, the lower limit is hard-coded to 100us, which is\nsmall enough but can still work somehow.(CVE-2024-38618)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nusb-storage: alauda: Check whether the media is initialized\n\nThe member \"uzonesize\" of struct alauda_info will remain 0\nif alauda_init_media() fails, potentially causing divide errors\nin alauda_read_data() and alauda_write_lba().\n- Add a member \"media_initialized\" to struct alauda_info.\n- Change a condition in alauda_check_media() to ensure the\n first initialization.\n- Add an error check for the return value of alauda_init_media().(CVE-2024-38619)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors\n\nThe error handling in nilfs_empty_dir() when a directory folio/page read\nfails is incorrect, as in the old ext2 implementation, and if the\nfolio/page cannot be read or nilfs_check_folio() fails, it will falsely\ndetermine the directory as empty and corrupt the file system.\n\nIn addition, since nilfs_empty_dir() does not immediately return on a\nfailed folio/page read, but continues to loop, this can cause a long loop\nwith I/O if i_size of the directory's inode is also corrupted, causing the\nlog writer thread to wait and hang, as reported by syzbot.\n\nFix these issues by making nilfs_empty_dir() immediately return a false\nvalue (0) if it fails to get a directory folio/page.(CVE-2024-39469)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix log recovery buffer allocation for the legacy h_size fixup\n\nCommit a70f9fe52daa (\"xfs: detect and handle invalid iclog 
size set by\nmkfs\") added a fixup for incorrect h_size values used for the initial\numount record in old xfsprogs versions. Later commit 0c771b99d6c9\n(\"xfs: clean up calculation of LR header blocks\") cleaned up the log\nreover buffer calculation, but stoped using the fixed up h_size value\nto size the log recovery buffer, which can lead to an out of bounds\naccess when the incorrect h_size does not come from the old mkfs\ntool, but a fuzzer.\n\nFix this by open coding xlog_logrec_hblks and taking the fixed h_size\ninto account for this calculation.(CVE-2024-39472)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nima: Fix use-after-free on a dentry's dname.name\n\n->d_name.name can change on rename and the earlier value can be freed;\nthere are conditions sufficient to stabilize it (->d_lock on dentry,\n->d_lock on its parent, ->i_rwsem exclusive on the parent's inode,\nrename_lock), but none of those are met at any of the sites. Take a stable\nsnapshot of the name instead.(CVE-2024-39494)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nvmci: prevent speculation leaks by sanitizing event in event_deliver()\n\nCoverity spotted that event_msg is controlled by user-space,\nevent_msg->event_data.event is passed to event_deliver() and used\nas an index without sanitization.\n\nThis change ensures that the event index is sanitized to mitigate any\npossibility of speculative information leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.\n\nOnly compile tested, no access to HW.(CVE-2024-39499)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/komeda: check for error-valued pointer\n\nkomeda_pipeline_get_state() may return an error-valued pointer, thus\ncheck the pointer for negative or null value before dereferencing.(CVE-2024-39505)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nUSB: class: 
cdc-wdm: Fix CPU lockup caused by excessive log messages\n\nThe syzbot fuzzer found that the interrupt-URB completion callback in\nthe cdc-wdm driver was taking too long, and the driver's immediate\nresubmission of interrupt URBs with -EPROTO status combined with the\ndummy-hcd emulation to cause a CPU lockup:\n\ncdc_wdm 1-1:1.0: nonzero urb status received: -71\ncdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes\nwatchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor782:6625]\nCPU#0 Utilization every 4s during lockup:\n\t#1: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#2: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#3: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#4: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#5: 98% system,\t 1% softirq,\t 3% hardirq,\t 0% idle\nModules linked in:\nirq event stamp: 73096\nhardirqs last enabled at (73095): [] console_emit_next_record kernel/printk/printk.c:2935 [inline]\nhardirqs last enabled at (73095): [] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994\nhardirqs last disabled at (73096): [] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\nhardirqs last disabled at (73096): [] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\nsoftirqs last enabled at (73048): [] softirq_handle_end kernel/softirq.c:400 [inline]\nsoftirqs last enabled at (73048): [] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582\nsoftirqs last disabled at (73043): [] __do_softirq+0x14/0x20 kernel/softirq.c:588\nCPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G W 6.10.0-rc2-syzkaller-g8867bbd4a056 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\n\nTesting showed that the problem did not occur if the two error\nmessages -- the first two lines above -- were removed; apparently adding\nmaterial to the kernel log takes a surprisingly large amount of time.\n\nIn any case, the best approach for preventing these lockups and to\navoid spamming the log with 
thousands of error messages per second is\nto ratelimit the two dev_err() calls. Therefore we replace them with\ndev_err_ratelimited().(CVE-2024-40904)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible race in __fib6_drop_pcpu_from()\n\nsyzbot found a race in __fib6_drop_pcpu_from() [1]\n\nIf compiler reads more than once (*ppcpu_rt),\nsecond read could read NULL, if another cpu clears\nthe value in rt6_get_pcpu_route().\n\nAdd a READ_ONCE() to prevent this race.\n\nAlso add rcu_read_lock()/rcu_read_unlock() because\nwe rely on RCU protection while dereferencing pcpu_rt.\n\n[1]\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097]\nCPU: 0 PID: 7543 Comm: kworker/u8:17 Not tainted 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nWorkqueue: netns cleanup_net\n RIP: 0010:__fib6_drop_pcpu_from.part.0+0x10a/0x370 net/ipv6/ip6_fib.c:984\nCode: f8 48 c1 e8 03 80 3c 28 00 0f 85 16 02 00 00 4d 8b 3f 4d 85 ff 74 31 e8 74 a7 fa f7 49 8d bf 90 00 00 00 48 89 f8 48 c1 e8 03 <80> 3c 28 00 0f 85 1e 02 00 00 49 8b 87 90 00 00 00 48 8b 0c 24 48\nRSP: 0018:ffffc900040df070 EFLAGS: 00010206\nRAX: 0000000000000012 RBX: 0000000000000001 RCX: ffffffff89932e16\nRDX: ffff888049dd1e00 RSI: ffffffff89932d7c RDI: 0000000000000091\nRBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000007\nR10: 0000000000000001 R11: 0000000000000006 R12: ffff88807fa080b8\nR13: fffffbfff1a9a07d R14: ffffed100ff41022 R15: 0000000000000001\nFS: 0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b32c26000 CR3: 000000005d56e000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 
DR7: 0000000000000400\nCall Trace:\n \n __fib6_drop_pcpu_from net/ipv6/ip6_fib.c:966 [inline]\n fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1027 [inline]\n fib6_purge_rt+0x7f2/0x9f0 net/ipv6/ip6_fib.c:1038\n fib6_del_route net/ipv6/ip6_fib.c:1998 [inline]\n fib6_del+0xa70/0x17b0 net/ipv6/ip6_fib.c:2043\n fib6_clean_node+0x426/0x5b0 net/ipv6/ip6_fib.c:2205\n fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2127\n fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2175\n fib6_clean_tree+0xd7/0x120 net/ipv6/ip6_fib.c:2255\n __fib6_clean_all+0x100/0x2d0 net/ipv6/ip6_fib.c:2271\n rt6_sync_down_dev net/ipv6/route.c:4906 [inline]\n rt6_disable_ip+0x7ed/0xa00 net/ipv6/route.c:4911\n addrconf_ifdown.isra.0+0x117/0x1b40 net/ipv6/addrconf.c:3855\n addrconf_notify+0x223/0x19e0 net/ipv6/addrconf.c:3778\n notifier_call_chain+0xb9/0x410 kernel/notifier.c:93\n call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1992\n call_netdevice_notifiers_extack net/core/dev.c:2030 [inline]\n call_netdevice_notifiers net/core/dev.c:2044 [inline]\n dev_close_many+0x333/0x6a0 net/core/dev.c:1585\n unregister_netdevice_many_notify+0x46d/0x19f0 net/core/dev.c:11193\n unregister_netdevice_many net/core/dev.c:11276 [inline]\n default_device_exit_batch+0x85b/0xae0 net/core/dev.c:11759\n ops_exit_list+0x128/0x180 net/core/net_namespace.c:178\n cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244(CVE-2024-40905)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()\n\nThe ieee80211_sta_ps_deliver_wakeup() function takes sta->ps_lock to\nsynchronizes with ieee80211_tx_h_unicast_ps_buf() which is called 
from\nsoftirq context. However using only spin_lock() to get sta->ps_lock in\nieee80211_sta_ps_deliver_wakeup() does not prevent softirq to execute\non this same CPU, to run ieee80211_tx_h_unicast_ps_buf() and try to\ntake this same lock ending in deadlock. Below is an example of rcu stall\nthat arises in such situation.\n\n rcu: INFO: rcu_sched self-detected stall on CPU\n rcu: 2-....: (42413413 ticks this GP) idle=b154/1/0x4000000000000000 softirq=1763/1765 fqs=21206996\n rcu: (t=42586894 jiffies g=2057 q=362405 ncpus=4)\n CPU: 2 PID: 719 Comm: wpa_supplicant Tainted: G W 6.4.0-02158-g1b062f552873 #742\n Hardware name: RPT (r1) (DT)\n pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : queued_spin_lock_slowpath+0x58/0x2d0\n lr : invoke_tx_handlers_early+0x5b4/0x5c0\n sp : ffff00001ef64660\n x29: ffff00001ef64660 x28: ffff000009bc1070 x27: ffff000009bc0ad8\n x26: ffff000009bc0900 x25: ffff00001ef647a8 x24: 0000000000000000\n x23: ffff000009bc0900 x22: ffff000009bc0900 x21: ffff00000ac0e000\n x20: ffff00000a279e00 x19: ffff00001ef646e8 x18: 0000000000000000\n x17: ffff800016468000 x16: ffff00001ef608c0 x15: 0010533c93f64f80\n x14: 0010395c9faa3946 x13: 0000000000000000 x12: 00000000fa83b2da\n x11: 000000012edeceea x10: ffff0000010fbe00 x9 : 0000000000895440\n x8 : 000000000010533c x7 : ffff00000ad8b740 x6 : ffff00000c350880\n x5 : 0000000000000007 x4 : 0000000000000001 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffff00000ac0e0e8\n Call trace:\n queued_spin_lock_slowpath+0x58/0x2d0\n ieee80211_tx+0x80/0x12c\n ieee80211_tx_pending+0x110/0x278\n tasklet_action_common.constprop.0+0x10c/0x144\n tasklet_action+0x20/0x28\n _stext+0x11c/0x284\n ____do_softirq+0xc/0x14\n call_on_irq_stack+0x24/0x34\n do_softirq_own_stack+0x18/0x20\n do_softirq+0x74/0x7c\n __local_bh_enable_ip+0xa0/0xa4\n _ieee80211_wake_txqs+0x3b0/0x4b8\n __ieee80211_wake_queue+0x12c/0x168\n ieee80211_add_pending_skbs+0xec/0x138\n 
ieee80211_sta_ps_deliver_wakeup+0x2a4/0x480\n ieee80211_mps_sta_status_update.part.0+0xd8/0x11c\n ieee80211_mps_sta_status_update+0x18/0x24\n sta_apply_parameters+0x3bc/0x4c0\n ieee80211_change_station+0x1b8/0x2dc\n nl80211_set_station+0x444/0x49c\n genl_family_rcv_msg_doit.isra.0+0xa4/0xfc\n genl_rcv_msg+0x1b0/0x244\n netlink_rcv_skb+0x38/0x10c\n genl_rcv+0x34/0x48\n netlink_unicast+0x254/0x2bc\n netlink_sendmsg+0x190/0x3b4\n ____sys_sendmsg+0x1e8/0x218\n ___sys_sendmsg+0x68/0x8c\n __sys_sendmsg+0x44/0x84\n __arm64_sys_sendmsg+0x20/0x28\n do_el0_svc+0x6c/0xe8\n el0_svc+0x14/0x48\n el0t_64_sync_handler+0xb0/0xb4\n el0t_64_sync+0x14c/0x150\n\nUsing spin_lock_bh()/spin_unlock_bh() instead prevents softirq to raise\non the same CPU that is holding the lock.(CVE-2024-40912)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: check n_ssids before accessing the ssids\n\nIn some versions of cfg80211, the ssids poinet might be a valid one even\nthough n_ssids is 0. Accessing the pointer in this case will cuase an\nout-of-bound access. Fix this by checking n_ssids first.(CVE-2024-40929)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos/vidi: fix memory leak in .get_modes()\n\nThe duplicated EDID is never freed. Fix it.(CVE-2024-40932)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don't read past the mfuart notifcation\n\nIn case the firmware sends a notification that claims it has more data\nthan it has, we will read past that was allocated for the notification.\nRemove the print of the buffer, we won't see it by default. 
If needed,\nwe can see the content with tracing.\n\nThis was reported by KFENCE.(CVE-2024-40941)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix races between hole punching and AIO+DIO\n\nAfter commit \"ocfs2: return real error code in ocfs2_dio_wr_get_block\",\nfstests/generic/300 become from always failed to sometimes failed:\n\n========================================================================\n[ 473.293420 ] run fstests generic/300\n\n[ 475.296983 ] JBD2: Ignoring recovery information on journal\n[ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode.\n[ 494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found\n[ 494.291609 ] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.\n[ 494.292018 ] OCFS2: File system is now read-only.\n[ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30\n[ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3\nfio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072\n=========================================================================\n\nIn __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten\nextents to a list. extents are also inserted into extent tree in\nocfs2_write_begin_nolock. Then another thread call fallocate to puch a\nhole at one of the unwritten extent. The extent at cpos was removed by\nocfs2_remove_extent(). 
At end io worker thread, ocfs2_search_extent_list\nfound there is no such extent at the cpos.\n\n T1 T2 T3\n inode lock\n ...\n insert extents\n ...\n inode unlock\nocfs2_fallocate\n __ocfs2_change_file_space\n inode lock\n lock ip_alloc_sem\n ocfs2_remove_inode_range inode\n ocfs2_remove_btree_range\n ocfs2_remove_extent\n ^---remove the extent at cpos 78723\n ...\n unlock ip_alloc_sem\n inode unlock\n ocfs2_dio_end_io\n ocfs2_dio_end_io_write\n lock ip_alloc_sem\n ocfs2_mark_extent_written\n ocfs2_change_extent_flag\n ocfs2_search_extent_list\n ^---failed to find extent\n ...\n unlock ip_alloc_sem\n\nIn most filesystems, fallocate is not compatible with racing with AIO+DIO,\nso fix it by adding to wait for all dio before fallocate/punch_hole like\next4.(CVE-2024-40943)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: Octeon: Add PCIe link status check\n\nThe standard PCIe configuration read-write interface is used to\naccess the configuration space of the peripheral PCIe devices\nof the mips processor after the PCIe link surprise down, it can\ngenerate kernel panic caused by \"Data bus error\". So it is\nnecessary to add PCIe link status check for system protection.\nWhen the PCIe link is down or in training, assigning a value\nof 0 to the configuration address can prevent read-write behavior\nto the configuration space of peripheral PCIe devices, thereby\npreventing kernel panic.(CVE-2024-40968)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Enforce hcall result buffer validity and size\n\nplpar_hcall(), plpar_hcall9(), and related functions expect callers to\nprovide valid result buffers of certain minimum size. 
Currently this\nis communicated only through comments in the code and the compiler has\nno idea.\n\nFor example, if I write a bug like this:\n\n long retbuf[PLPAR_HCALL_BUFSIZE]; // should be PLPAR_HCALL9_BUFSIZE\n plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf, ...);\n\nThis compiles with no diagnostics emitted, but likely results in stack\ncorruption at runtime when plpar_hcall9() stores results past the end\nof the array. (To be clear this is a contrived example and I have not\nfound a real instance yet.)\n\nTo make this class of error less likely, we can use explicitly-sized\narray parameters instead of pointers in the declarations for the hcall\nAPIs. When compiled with -Warray-bounds[1], the code above now\nprovokes a diagnostic like this:\n\nerror: array argument is too small;\nis of size 32, callee requires at least 72 [-Werror,-Warray-bounds]\n 60 | plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf,\n | ^ ~~~~~~\n\n[1] Enabled for LLVM builds but not GCC for now. See commit\n 0da6e5fd6c37 (\"gcc: disable '-Warray-bounds' for gcc-13 too\") and\n related changes.(CVE-2024-40974)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ntipc: force a dst refcount before doing decryption\n\nAs it says in commit 3bc07321ccc2 (\"xfrm: Force a dst refcount before\nentering the xfrm type handlers\"):\n\n\"Crypto requests might return asynchronous. 
In this case we leave the\n rcu protected region, so force a refcount on the skb's destination\n entry before we enter the xfrm type input/output handlers.\"\n\nOn TIPC decryption path it has the same problem, and skb_dst_force()\nshould be called before doing decryption to avoid a possible crash.\n\nShuang reported this issue when this warning is triggered:\n\n [] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n [] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug\n [] Workqueue: crypto cryptd_queue_worker\n [] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n [] Call Trace:\n [] tipc_sk_mcast_rcv+0x548/0xea0 [tipc]\n [] tipc_rcv+0xcf5/0x1060 [tipc]\n [] tipc_aead_decrypt_done+0x215/0x2e0 [tipc]\n [] cryptd_aead_crypt+0xdb/0x190\n [] cryptd_queue_worker+0xed/0x190\n [] process_one_work+0x93d/0x17e0(CVE-2024-40983)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Revert \"ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.\"\n\nUndo the modifications made in commit d410ee5109a1 (\"ACPICA: avoid\n\"Info: mapping multiple BARs. Your kernel is fine.\"\"). The initial\npurpose of this commit was to stop memory mappings for operation\nregions from overlapping page boundaries, as it can trigger warnings\nif different page attributes are present.\n\nHowever, it was found that when this situation arises, mapping\ncontinues until the boundary's end, but there is still an attempt to\nread/write the entire length of the map, leading to a NULL pointer\ndeference. For example, if a four-byte mapping request is made but\nonly one byte is mapped because it hits the current page boundary's\nend, a four-byte read/write attempt is still made, resulting in a NULL\npointer deference.\n\nInstead, map the entire length, as the ACPI specification does not\nmandate that it must be within the same page boundary. 
It is\npermissible for it to be mapped across different regions.(CVE-2024-40984)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix UBSAN warning in kv_dpm.c\n\nAdds bounds check for sumo_vid_mapping_entry.(CVE-2024-40987)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Build event generation tests only as modules\n\nThe kprobes and synth event generation test modules add events and lock\n(get a reference) those event file reference in module init function,\nand unlock and delete it in module exit function. This is because those\nare designed for playing as modules.\n\nIf we make those modules as built-in, those events are left locked in the\nkernel, and never be removed. This causes kprobe event self-test failure\nas below.\n\n[ 97.349708] ------------[ cut here ]------------\n[ 97.353453] WARNING: CPU: 3 PID: 1 at kernel/trace/trace_kprobe.c:2133 kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.357106] Modules linked in:\n[ 97.358488] CPU: 3 PID: 1 Comm: swapper/0 Not tainted 6.9.0-g699646734ab5-dirty #14\n[ 97.361556] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n[ 97.363880] RIP: 0010:kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.365538] Code: a8 24 08 82 e9 ae fd ff ff 90 0f 0b 90 48 c7 c7 e5 aa 0b 82 e9 ee fc ff ff 90 0f 0b 90 48 c7 c7 2d 61 06 82 e9 8e fd ff ff 90 <0f> 0b 90 48 c7 c7 33 0b 0c 82 89 c6 e8 6e 03 1f ff 41 ff c7 e9 90\n[ 97.370429] RSP: 0000:ffffc90000013b50 EFLAGS: 00010286\n[ 97.371852] RAX: 00000000fffffff0 RBX: ffff888005919c00 RCX: 0000000000000000\n[ 97.373829] RDX: ffff888003f40000 RSI: ffffffff8236a598 RDI: ffff888003f40a68\n[ 97.375715] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n[ 97.377675] R10: ffffffff811c9ae5 R11: ffffffff8120c4e0 R12: 0000000000000000\n[ 97.379591] R13: 0000000000000001 R14: 0000000000000015 R15: 0000000000000000\n[ 97.381536] FS: 0000000000000000(0000) GS:ffff88807dcc0000(0000) 
knlGS:0000000000000000\n[ 97.383813] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 97.385449] CR2: 0000000000000000 CR3: 0000000002244000 CR4: 00000000000006b0\n[ 97.387347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 97.389277] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 97.391196] Call Trace:\n[ 97.391967] \n[ 97.392647] ? __warn+0xcc/0x180\n[ 97.393640] ? kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.395181] ? report_bug+0xbd/0x150\n[ 97.396234] ? handle_bug+0x3e/0x60\n[ 97.397311] ? exc_invalid_op+0x1a/0x50\n[ 97.398434] ? asm_exc_invalid_op+0x1a/0x20\n[ 97.399652] ? trace_kprobe_is_busy+0x20/0x20\n[ 97.400904] ? tracing_reset_all_online_cpus+0x15/0x90\n[ 97.402304] ? kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.403773] ? init_kprobe_trace+0x50/0x50\n[ 97.404972] do_one_initcall+0x112/0x240\n[ 97.406113] do_initcall_level+0x95/0xb0\n[ 97.407286] ? kernel_init+0x1a/0x1a0\n[ 97.408401] do_initcalls+0x3f/0x70\n[ 97.409452] kernel_init_freeable+0x16f/0x1e0\n[ 97.410662] ? rest_init+0x1f0/0x1f0\n[ 97.411738] kernel_init+0x1a/0x1a0\n[ 97.412788] ret_from_fork+0x39/0x50\n[ 97.413817] ? 
rest_init+0x1f0/0x1f0\n[ 97.414844] ret_from_fork_asm+0x11/0x20\n[ 97.416285] \n[ 97.417134] irq event stamp: 13437323\n[ 97.418376] hardirqs last enabled at (13437337): [] console_unlock+0x11c/0x150\n[ 97.421285] hardirqs last disabled at (13437370): [] console_unlock+0x101/0x150\n[ 97.423838] softirqs last enabled at (13437366): [] handle_softirqs+0x23f/0x2a0\n[ 97.426450] softirqs last disabled at (13437393): [] __irq_exit_rcu+0x66/0xd0\n[ 97.428850] ---[ end trace 0000000000000000 ]---\n\nAnd also, since we can not cleanup dynamic_event file, ftracetest are\nfailed too.\n\nTo avoid these issues, build these tests only as modules.(CVE-2024-41004)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnetpoll: Fix race condition in netpoll_owner_active\n\nKCSAN detected a race condition in netpoll:\n\n\tBUG: KCSAN: data-race in net_rx_action / netpoll_send_skb\n\twrite (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:\n\tnet_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)\n\n\tread to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:\n\tnetpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)\n\tnetpoll_send_udp (net/core/netpoll.c:?)\n\n\tvalue changed: 0x0000000a -> 0xffffffff\n\nThis happens because netpoll_owner_active() needs to check if the\ncurrent CPU is the owner of the lock, touching napi->poll_owner\nnon atomically. 
The ->poll_owner field contains the current CPU holding\nthe lock.\n\nUse an atomic read to check if the poll owner is the current CPU.(CVE-2024-41005)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ntcp: avoid too many retransmit packets\n\nIf a TCP socket is using TCP_USER_TIMEOUT, and the other peer\nretracted its window to zero, tcp_retransmit_timer() can\nretransmit a packet every two jiffies (2 ms for HZ=1000),\nfor about 4 minutes after TCP_USER_TIMEOUT has 'expired'.\n\nThe fix is to make sure tcp_rtx_probe0_timed_out() takes\nicsk->icsk_user_timeout into account.\n\nBefore blamed commit, the socket would not timeout after\nicsk->icsk_user_timeout, but would use standard exponential\nbackoff for the retransmits.\n\nAlso worth noting that before commit e89688e3e978 (\"net: tcp:\nfix unexcepted socket die when snd_wnd is 0\"), the issue\nwould last 2 minutes instead of 4.(CVE-2024-41007)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix overrunning reservations in ringbuf\n\nThe BPF ring buffer internally is implemented as a power-of-2 sized circular\nbuffer, with two logical and ever-increasing counters: consumer_pos is the\nconsumer counter to show which logical position the consumer consumed the\ndata, and producer_pos which is the producer counter denoting the amount of\ndata reserved by all producers.\n\nEach time a record is reserved, the producer that \"owns\" the record will\nsuccessfully advance producer counter. In user space each time a record is\nread, the consumer of the data advanced the consumer counter once it finished\nprocessing. 
Both counters are stored in separate pages so that from user\nspace, the producer counter is read-only and the consumer counter is read-write.\n\nOne aspect that simplifies and thus speeds up the implementation of both\nproducers and consumers is how the data area is mapped twice contiguously\nback-to-back in the virtual memory, allowing to not take any special measures\nfor samples that have to wrap around at the end of the circular buffer data\narea, because the next page after the last data page would be first data page\nagain, and thus the sample will still appear completely contiguous in virtual\nmemory.\n\nEach record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for\nbook-keeping the length and offset, and is inaccessible to the BPF program.\nHelpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`\nfor the BPF program to use. Bing-Jhong and Muhammad reported that it is however\npossible to make a second allocated memory chunk overlapping with the first\nchunk and as a result, the BPF program is now able to edit first chunk's\nheader.\n\nFor example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size\nof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to\nbpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in\n[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets\nallocate a chunk B with size 0x3000. This will succeed because consumer_pos\nwas edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`\ncheck. Chunk B will be in range [0x3008,0x6010], and the BPF program is able\nto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned\nearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data\npages. This means that chunk B at [0x4000,0x4008] is chunk A's header.\nbpf_ringbuf_submit() / bpf_ringbuf_discard() use the header's pg_off to then\nlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). 
Once chunk\nB modified chunk A's header, then bpf_ringbuf_commit() refers to the wrong\npage and could cause a crash.\n\nFix it by calculating the oldest pending_pos and check whether the range\nfrom the oldest outstanding record to the newest would span beyond the ring\nbuffer size. If that is the case, then reject the request. We've tested with\nthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)\nbefore/after the fix and while it seems a bit slower on some benchmarks, it\nis still not significantly enough to matter.(CVE-2024-41009)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for kernel is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Critical", + "category":"general", + "title":"Severity" + }, + { + "text":"kernel", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1894", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + }, + { + "summary":"CVE-2021-47432", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-47432&packageName=kernel" + }, + { + "summary":"CVE-2021-47622", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-47622&packageName=kernel" + }, + { + "summary":"CVE-2022-48814", + "category":"self", + 
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48814&packageName=kernel" + }, + { + "summary":"CVE-2022-48816", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48816&packageName=kernel" + }, + { + "summary":"CVE-2022-48844", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48844&packageName=kernel" + }, + { + "summary":"CVE-2023-52757", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-52757&packageName=kernel" + }, + { + "summary":"CVE-2023-52781", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-52781&packageName=kernel" + }, + { + "summary":"CVE-2024-36031", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36031&packageName=kernel" + }, + { + "summary":"CVE-2024-36939", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36939&packageName=kernel" + }, + { + "summary":"CVE-2024-38559", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38559&packageName=kernel" + }, + { + "summary":"CVE-2024-38568", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38568&packageName=kernel" + }, + { + "summary":"CVE-2024-38578", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38578&packageName=kernel" + }, + { + "summary":"CVE-2024-38589", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38589&packageName=kernel" + }, + { + "summary":"CVE-2024-38618", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38618&packageName=kernel" + }, + { + "summary":"CVE-2024-38619", + "category":"self", + 
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38619&packageName=kernel" + }, + { + "summary":"CVE-2024-39469", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39469&packageName=kernel" + }, + { + "summary":"CVE-2024-39472", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39472&packageName=kernel" + }, + { + "summary":"CVE-2024-39494", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39494&packageName=kernel" + }, + { + "summary":"CVE-2024-39499", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39499&packageName=kernel" + }, + { + "summary":"CVE-2024-39505", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39505&packageName=kernel" + }, + { + "summary":"CVE-2024-40904", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40904&packageName=kernel" + }, + { + "summary":"CVE-2024-40905", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40905&packageName=kernel" + }, + { + "summary":"CVE-2024-40912", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40912&packageName=kernel" + }, + { + "summary":"CVE-2024-40929", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40929&packageName=kernel" + }, + { + "summary":"CVE-2024-40932", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40932&packageName=kernel" + }, + { + "summary":"CVE-2024-40941", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40941&packageName=kernel" + }, + { + "summary":"CVE-2024-40943", + "category":"self", + 
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40943&packageName=kernel" + }, + { + "summary":"CVE-2024-40968", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40968&packageName=kernel" + }, + { + "summary":"CVE-2024-40974", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40974&packageName=kernel" + }, + { + "summary":"CVE-2024-40983", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40983&packageName=kernel" + }, + { + "summary":"CVE-2024-40984", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40984&packageName=kernel" + }, + { + "summary":"CVE-2024-40987", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40987&packageName=kernel" + }, + { + "summary":"CVE-2024-41004", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41004&packageName=kernel" + }, + { + "summary":"CVE-2024-41005", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41005&packageName=kernel" + }, + { + "summary":"CVE-2024-41007", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41007&packageName=kernel" + }, + { + "summary":"CVE-2024-41009", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41009&packageName=kernel" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2021-47432" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2021-47622" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48814" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48816" + 
}, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48844" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52757" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52781" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36031" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36939" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38559" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38568" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38578" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38589" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38618" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38619" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39469" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39472" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39494" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39499" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39505" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40904" + }, + { + "summary":"nvd cve", + 
"category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40905" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40912" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40929" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40932" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40941" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40943" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40968" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40974" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40983" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40984" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40987" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41004" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41005" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41007" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41009" + }, + { + "summary":"openEuler-SA-2024-1894 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1894.json" + } + ], + "title":"An update for kernel is now available for openEuler-22.03-LTS-SP3", + "tracking":{ + 
"initial_release_date":"2024-07-26T20:58:40+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:58:40+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date": "2024-07-27T10:35:00+08:00", + "summary": "final", + "number": "2.0.0" + } + ], + "generator":{ + "date":"2024-07-27T10:35:00+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-27T10:35:00+08:00", + "id":"openEuler-SA-2024-1894", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openEuler-22.03-LTS-SP3", + "name":"openEuler-22.03-LTS-SP3" + }, + "name":"openEuler-22.03-LTS-SP3", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "name":"kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm" + }, + "name":"kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "name":"kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm" + }, + "name":"kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "name":"kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm" + }, + 
"name":"kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "name":"kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm" + }, + "name":"kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "name":"kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm" + }, + "name":"kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "name":"kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm" + }, + "name":"kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "name":"kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm" + }, + "name":"kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "name":"kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm" + }, + "name":"kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "name":"kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm" + }, + "name":"kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"perf-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "name":"perf-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm" + }, + "name":"perf-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "name":"perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm" + }, + "name":"perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "name":"python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm" + }, + "name":"python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "name":"python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm" + }, + "name":"python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-5.10.0-220.0.0.123.oe2203sp3.src.rpm", + 
"name":"kernel-5.10.0-220.0.0.123.oe2203sp3.src.rpm" + }, + "name":"kernel-5.10.0-220.0.0.123.oe2203sp3.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "name":"kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm" + }, + "name":"kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "name":"kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm" + }, + "name":"kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "name":"kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm" + }, + "name":"kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "name":"kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm" + }, + "name":"kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "name":"kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm" + }, + "name":"kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + 
{ + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "name":"kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm" + }, + "name":"kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "name":"kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm" + }, + "name":"kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "name":"kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm" + }, + "name":"kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "name":"kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm" + }, + "name":"kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"perf-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "name":"perf-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm" + }, + "name":"perf-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + 
"name":"perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm" + }, + "name":"perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "name":"python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm" + }, + "name":"python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "name":"python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm" + }, + "name":"python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "name":"kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "name":"kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "name":"kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "name":"kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "name":"kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "name":"kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "name":"kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + 
"product_reference":"kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "name":"kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "name":"kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"perf-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "name":"perf-5.10.0-220.0.0.123.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "name":"perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "name":"python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" 
+ }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "name":"python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-5.10.0-220.0.0.123.oe2203sp3.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "name":"kernel-5.10.0-220.0.0.123.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "name":"kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "name":"kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "name":"kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64 as a component of 
openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "name":"kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "name":"kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "name":"kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "name":"kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"name":"kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "name":"kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"perf-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "name":"perf-5.10.0-220.0.0.123.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "name":"perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "name":"python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "name":"python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2021-47432", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Don't overflow in peek()\n\nWhen we started spreading new inode numbers throughout most of the 64\nbit inode space, that triggered some corner case bugs, in particular\nsome integer overflows related to the radix tree code. Oops.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2021-47432" + }, + { + "cve":"CVE-2021-47622", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been 
resolved:\n\nscsi: ufs: Fix a deadlock in the error handler\n\nThe following deadlock has been observed on a test setup:\n\n - All tags allocated\n\n - The SCSI error handler calls ufshcd_eh_host_reset_handler()\n\n - ufshcd_eh_host_reset_handler() queues work that calls\n ufshcd_err_handler()\n\n - ufshcd_err_handler() locks up as follows:\n\nWorkqueue: ufs_eh_wq_0 ufshcd_err_handler.cfi_jt\nCall trace:\n __switch_to+0x298/0x5d8\n __schedule+0x6cc/0xa94\n schedule+0x12c/0x298\n blk_mq_get_tag+0x210/0x480\n __blk_mq_alloc_request+0x1c8/0x284\n blk_get_request+0x74/0x134\n ufshcd_exec_dev_cmd+0x68/0x640\n ufshcd_verify_dev_init+0x68/0x35c\n ufshcd_probe_hba+0x12c/0x1cb8\n ufshcd_host_reset_and_restore+0x88/0x254\n ufshcd_reset_and_restore+0xd0/0x354\n ufshcd_err_handler+0x408/0xc58\n process_one_work+0x24c/0x66c\n worker_thread+0x3e8/0xa4c\n kthread+0x150/0x1b4\n ret_from_fork+0x10/0x30\n\nFix this lockup by making ufshcd_exec_dev_cmd() allocate a reserved\nrequest.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.7, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2021-47622" + }, + { + "cve":"CVE-2022-48814", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: seville: register the mdiobus under devres\n\nAs explained in commits:\n74b6d7d13307 (\"net: dsa: realtek: register the MDIO bus under devres\")\n5135e96a3dd2 (\"net: dsa: don't allocate the slave_mii_bus using devres\")\n\nmdiobus_free() will panic when called from devm_mdiobus_free() <-\ndevres_release_all() <- __device_release_driver(), and that mdiobus was\nnot previously unregistered.\n\nThe Seville VSC9959 switch is a platform device, so the initial set of\nconstraints that I thought would cause this (I2C or SPI buses which call\n->remove on ->shutdown) do not apply. But there is one more which\napplies here.\n\nIf the DSA master itself is on a bus that calls ->remove from ->shutdown\n(like dpaa2-eth, which is on the fsl-mc bus), there is a device link\nbetween the switch and the DSA master, and device_links_unbind_consumers()\nwill unbind the seville switch driver on shutdown.\n\nSo the same treatment must be applied to all DSA switch drivers, which\nis: either use devres for both the mdiobus allocation and registration,\nor don't use devres at all.\n\nThe seville driver has a code structure that could accommodate both the\nmdiobus_unregister and mdiobus_free calls, but it has an external\ndependency upon mscc_miim_setup() from mdio-mscc-miim.c, which calls\ndevm_mdiobus_alloc_size() on its behalf. 
So rather than restructuring\nthat, and exporting yet one more symbol mscc_miim_teardown(), let's work\nwith devres and replace of_mdiobus_register with the devres variant.\nWhen we use all-devres, we can ensure that devres doesn't free a\nstill-registered bus (it either runs both callbacks, or none).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2022-48814" + }, + { + "cve":"CVE-2022-48816", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: lock against ->sock changing during sysfs read\n\n->sock can be set to NULL asynchronously unless ->recv_mutex is held.\nSo it is important to hold that mutex. 
Otherwise a sysfs read can\ntrigger an oops.\nCommit 17f09d3f619a (\"SUNRPC: Check if the xprt is connected before\nhandling sysfs reads\") appears to attempt to fix this problem, but it\nonly narrows the race window.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.7, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2022-48816" + }, + { + "cve":"CVE-2022-48844", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: Fix leaking sent_cmd skb\n\nsent_cmd memory is not freed before freeing hci_dev causing it to leak\nit contents.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", 
+ "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.3, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2022-48844" + }, + { + "cve":"CVE-2023-52757", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential deadlock when releasing mids\n\nAll release_mid() callers seem to hold a reference of @mid so there is\nno need to call kref_put(&mid->refcount, __release_mid) under\n@server->mid_lock spinlock. 
If they don't, then an use-after-free bug\nwould have occurred anyways.\n\nBy getting rid of such spinlock also fixes a potential deadlock as\nshown below\n\nCPU 0 CPU 1\n------------------------------------------------------------------\ncifs_demultiplex_thread() cifs_debug_data_proc_show()\n release_mid()\n spin_lock(&server->mid_lock);\n spin_lock(&cifs_tcp_ses_lock)\n\t\t\t\t spin_lock(&server->mid_lock)\n __release_mid()\n smb2_find_smb_tcon()\n spin_lock(&cifs_tcp_ses_lock) *deadlock*", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + 
"openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2023-52757" + }, + { + "cve":"CVE-2023-52781", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: config: fix iteration issue in 'usb_get_bos_descriptor()'\n\nThe BOS descriptor defines a root descriptor and is the base descriptor for\naccessing a 
family of related descriptors.\n\nFunction 'usb_get_bos_descriptor()' encounters an iteration issue when\nskipping the 'USB_DT_DEVICE_CAPABILITY' descriptor type. This results in\nthe same descriptor being read repeatedly.\n\nTo address this issue, a 'goto' statement is introduced to ensure that the\npointer and the amount read is updated correctly. This ensures that the\nfunction iterates to the next descriptor instead of reading the same\ndescriptor repeatedly.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + 
"openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.3, + "vectorString":"CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2023-52781" + }, + { + "cve":"CVE-2024-36031", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:keys: Fix overwrite of key expiration on instantiationThe expiry time of a key is unconditionally overwritten duringinstantiation, defaulting to turn it 
permanent. This causes a problemfor DNS resolution as the expiration set by user-space is overwritten toTIME64_MAX, disabling further DNS updates. Fix this by restoring thecondition that key_set_expiry is only called when the pre-parser sets aspecific expiry.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"CRITICAL", + "baseScore":9.8, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Critical", + "category":"impact" + } + ], + "title":"CVE-2024-36031" + }, + { + "cve":"CVE-2024-36939", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Handle error of rpc_proc_register() in nfs_net_init().\n\nsyzkaller reported a warning [0] triggered while destroying immature\nnetns.\n\nrpc_proc_register() was called in init_nfs_fs(), but its error\nhas been ignored since at least the initial commit 1da177e4c3f4\n(\"Linux-2.6.12-rc2\").\n\nRecently, commit d47151b79e32 (\"nfs: expose /proc/net/sunrpc/nfs\nin net namespaces\") converted 
the procfs to per-netns and made\nthe problem more visible.\n\nEven when rpc_proc_register() fails, nfs_net_init() could succeed,\nand thus nfs_net_exit() will be called while destroying the netns.\n\nThen, remove_proc_entry() will be called for non-existing proc\ndirectory and trigger the warning below.\n\nLet's handle the error of rpc_proc_register() properly in nfs_net_init().\n\n[0]:\nname 'nfs'\nWARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nModules linked in:\nCPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nCode: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff <0f> 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb\nRSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c\nRDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc\nR13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8\nFS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \n rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310\n nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438\n ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170\n setup_net+0x46c/0x660 net/core/net_namespace.c:372\n copy_net_ns+0x244/0x590 net/core/net_namespace.c:505\n 
create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228\n ksys_unshare+0x342/0x760 kernel/fork.c:3322\n __do_sys_unshare kernel/fork.c:3393 [inline]\n __se_sys_unshare kernel/fork.c:3391 [inline]\n __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\nRIP: 0033:0x7f30d0febe5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110\nRAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600\nRBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002\nR13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000\n ", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.6, + 
"vectorString":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-36939" + }, + { + "cve":"CVE-2024-38559", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedf: Ensure the copied buf is NUL terminated\n\nCurrently, we allocate a count-sized kernel buffer and copy count from\nuserspace to that buffer. Later, we use kstrtouint on this buffer but we\ndon't ensure that the string is terminated inside the buffer, this can\nlead to OOB read when using kstrtouint. Fix this issue by using\nmemdup_user_nul instead of memdup_user.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.8, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2024-38559" + }, + { + "cve":"CVE-2024-38568", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/perf: hisi: hns3: Fix out-of-bound access when valid event group\n\nThe perf tool allows users to create event groups through following\ncmd [1], but the driver does not check whether the array index is out\nof bounds when writing data to the event_group array. If the number of\nevents in an event_group is greater than HNS3_PMU_MAX_HW_EVENTS, the\nmemory write overflow of event_group array occurs.\n\nAdd array index check to fix the possible array out of bounds violation,\nand return directly when write new events are written to array bounds.\n\nThere are 9 different events in an event_group.\n[1] perf stat -e '{pmu/event1/, ... 
,pmu/event9/}", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.1, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-38568" + }, + { + "cve":"CVE-2024-38578", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\necryptfs: Fix buffer size for tag 66 packet\n\nThe 'TAG 66 Packet Format' description is missing the cipher code and\nchecksum fields that are packed into the message packet. 
As a result,\nthe buffer allocated for the packet is 3 bytes too small and\nwrite_tag_66_packet() will write up to 3 bytes past the end of the\nbuffer.\n\nFix this by increasing the size of the allocation so the whole packet\nwill always fit in the buffer.\n\nThis fixes the below kasan slab-out-of-bounds bug:\n\n BUG: KASAN: slab-out-of-bounds in ecryptfs_generate_key_packet_set+0x7d6/0xde0\n Write of size 1 at addr ffff88800afbb2a5 by task touch/181\n\n CPU: 0 PID: 181 Comm: touch Not tainted 6.6.13-gnu #1 4c9534092be820851bb687b82d1f92a426598dc6\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2/GNU Guix 04/01/2014\n Call Trace:\n \n dump_stack_lvl+0x4c/0x70\n print_report+0xc5/0x610\n ? ecryptfs_generate_key_packet_set+0x7d6/0xde0\n ? kasan_complete_mode_report_info+0x44/0x210\n ? ecryptfs_generate_key_packet_set+0x7d6/0xde0\n kasan_report+0xc2/0x110\n ? ecryptfs_generate_key_packet_set+0x7d6/0xde0\n __asan_store1+0x62/0x80\n ecryptfs_generate_key_packet_set+0x7d6/0xde0\n ? __pfx_ecryptfs_generate_key_packet_set+0x10/0x10\n ? __alloc_pages+0x2e2/0x540\n ? __pfx_ovl_open+0x10/0x10 [overlay 30837f11141636a8e1793533a02e6e2e885dad1d]\n ? dentry_open+0x8f/0xd0\n ecryptfs_write_metadata+0x30a/0x550\n ? __pfx_ecryptfs_write_metadata+0x10/0x10\n ? ecryptfs_get_lower_file+0x6b/0x190\n ecryptfs_initialize_file+0x77/0x150\n ecryptfs_create+0x1c2/0x2f0\n path_openat+0x17cf/0x1ba0\n ? __pfx_path_openat+0x10/0x10\n do_filp_open+0x15e/0x290\n ? __pfx_do_filp_open+0x10/0x10\n ? __kasan_check_write+0x18/0x30\n ? _raw_spin_lock+0x86/0xf0\n ? __pfx__raw_spin_lock+0x10/0x10\n ? __kasan_check_write+0x18/0x30\n ? alloc_fd+0xf4/0x330\n do_sys_openat2+0x122/0x160\n ? __pfx_do_sys_openat2+0x10/0x10\n __x64_sys_openat+0xef/0x170\n ? 
__pfx___x64_sys_openat+0x10/0x10\n do_syscall_64+0x60/0xd0\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n RIP: 0033:0x7f00a703fd67\n Code: 25 00 00 41 00 3d 00 00 41 00 74 37 64 8b 04 25 18 00 00 00 85 c0 75 5b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 85 00 00 00 48 83 c4 68 5d 41 5c c3 0f 1f\n RSP: 002b:00007ffc088e30b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101\n RAX: ffffffffffffffda RBX: 00007ffc088e3368 RCX: 00007f00a703fd67\n RDX: 0000000000000941 RSI: 00007ffc088e48d7 RDI: 00000000ffffff9c\n RBP: 00007ffc088e48d7 R08: 0000000000000001 R09: 0000000000000000\n R10: 00000000000001b6 R11: 0000000000000246 R12: 0000000000000941\n R13: 0000000000000000 R14: 00007ffc088e48d7 R15: 00007f00a7180040\n \n\n Allocated by task 181:\n kasan_save_stack+0x2f/0x60\n kasan_set_track+0x29/0x40\n kasan_save_alloc_info+0x25/0x40\n __kasan_kmalloc+0xc5/0xd0\n __kmalloc+0x66/0x160\n ecryptfs_generate_key_packet_set+0x6d2/0xde0\n ecryptfs_write_metadata+0x30a/0x550\n ecryptfs_initialize_file+0x77/0x150\n ecryptfs_create+0x1c2/0x2f0\n path_openat+0x17cf/0x1ba0\n do_filp_open+0x15e/0x290\n do_sys_openat2+0x122/0x160\n __x64_sys_openat+0xef/0x170\n do_syscall_64+0x60/0xd0\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + 
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.9, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-38578" + }, + { + "cve":"CVE-2024-38589", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: fix possible dead-lock in nr_rt_ioctl()\n\nsyzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]\n\nMake sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)\n\n[1]\nWARNING: possible circular locking dependency detected\n6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted\n------------------------------------------------------\nsyz-executor350/5129 is trying to acquire lock:\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n\nbut task is already holding lock:\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697\n\nwhich lock already depends on the new lock.\n\nthe existing 
dependency chain (in reverse order) is:\n\n-> #1 (nr_node_list_lock){+...}-{2:2}:\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n nr_remove_node net/netrom/nr_route.c:299 [inline]\n nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355\n nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n-> #0 (&nr_node->node_lock){+...}-{2:2}:\n check_prev_add kernel/locking/lockdep.c:3134 [inline]\n check_prevs_add kernel/locking/lockdep.c:3253 [inline]\n validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869\n __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n nr_node_lock include/net/netrom.h:152 [inline]\n nr_dec_obs net/netrom/nr_route.c:464 [inline]\n nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(nr_node_list_lock);\n 
lock(&nr_node->node_lock);\n lock(nr_node_list_lock);\n lock(&nr_node->node_lock);\n\n *** DEADLOCK ***\n\n1 lock held by syz-executor350/5129:\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n #0: ffffffff8f70\n---truncated---", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-38589" + }, + { + "cve":"CVE-2024-38618", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: timer: Set lower bound of start tick time\n\nCurrently ALSA timer doesn't have the lower limit of the start tick\ntime, and it allows a very small size, e.g. 1 tick with 1ns resolution\nfor hrtimer. 
Such a situation may lead to an unexpected RCU stall,\nwhere the callback repeatedly queuing the expire update, as reported\nby fuzzer.\n\nThis patch introduces a sanity check of the timer start tick time, so\nthat the system returns an error when a too small start size is set.\nAs of this patch, the lower limit is hard-coded to 100us, which is\nsmall enough but can still work somehow.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.7, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-38618" + }, + { + "cve":"CVE-2024-38619", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb-storage: alauda: Check whether the media is initialized\n\nThe member \"uzonesize\" of struct alauda_info will remain 0\nif alauda_init_media() fails, potentially causing divide errors\nin alauda_read_data() and alauda_write_lba().\n- Add a 
member \"media_initialized\" to struct alauda_info.\n- Change a condition in alauda_check_media() to ensure the\n first initialization.\n- Add an error check for the return value of alauda_init_media().", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-38619" + }, + { + "cve":"CVE-2024-39469", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors\n\nThe error handling in nilfs_empty_dir() when a directory folio/page read\nfails is incorrect, as in the old ext2 implementation, and if the\nfolio/page cannot be read or nilfs_check_folio() fails, it will falsely\ndetermine the directory as empty and corrupt the file system.\n\nIn addition, since nilfs_empty_dir() does not immediately return on a\nfailed folio/page read, but continues to loop, this can 
cause a long loop\nwith I/O if i_size of the directory's inode is also corrupted, causing the\nlog writer thread to wait and hang, as reported by syzbot.\n\nFix these issues by making nilfs_empty_dir() immediately return a false\nvalue (0) if it fails to get a directory folio/page.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.7, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39469" + }, + { + "cve":"CVE-2024-39472", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:xfs: fix log recovery buffer allocation for the legacy h_size fixupCommit a70f9fe52daa ( xfs: detect and handle invalid iclog size set bymkfs ) added a fixup for incorrect h_size values used for the initialumount record in old xfsprogs versions. 
Later commit 0c771b99d6c9( xfs: clean up calculation of LR header blocks ) cleaned up the logreover buffer calculation, but stoped using the fixed up h_size valueto size the log recovery buffer, which can lead to an out of boundsaccess when the incorrect h_size does not come from the old mkfstool, but a fuzzer.Fix this by open coding xlog_logrec_hblks and taking the fixed h_sizeinto account for this calculation.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39472" + }, + { + "cve":"CVE-2024-39494", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nima: Fix use-after-free on a dentry's dname.name\n\n->d_name.name can change on rename and the earlier value can be freed;\nthere are conditions sufficient to stabilize it (->d_lock on dentry,\n->d_lock on its parent, ->i_rwsem exclusive on the 
parent's inode,\nrename_lock), but none of those are met at any of the sites. Take a stable\nsnapshot of the name instead.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.8, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2024-39494" + }, + { + "cve":"CVE-2024-39499", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nvmci: prevent speculation leaks by sanitizing event in event_deliver()\n\nCoverity spotted that event_msg is controlled by user-space,\nevent_msg->event_data.event is passed to event_deliver() and used\nas an index without sanitization.\n\nThis change ensures that the event index is sanitized to mitigate any\npossibility of speculative information leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.\n\nOnly compile tested, no access to HW.", + "category":"description", + 
"title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + 
"openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39499" + }, + { + "cve":"CVE-2024-39505", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/komeda: check for error-valued pointer\n\nkomeda_pipeline_get_state() may return an error-valued pointer, thus\ncheck the pointer for negative or null value before dereferencing.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39505" + }, + { + "cve":"CVE-2024-40904", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages\n\nThe syzbot fuzzer found that the interrupt-URB completion callback in\nthe cdc-wdm driver was taking too long, and the driver's immediate\nresubmission of interrupt URBs with -EPROTO status combined with the\ndummy-hcd emulation to cause a CPU lockup:\n\ncdc_wdm 1-1:1.0: nonzero urb status received: -71\ncdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes\nwatchdog: BUG: soft lockup - CPU#0 stuck for 26s! 
[syz-executor782:6625]\nCPU#0 Utilization every 4s during lockup:\n\t#1: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#2: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#3: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#4: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#5: 98% system,\t 1% softirq,\t 3% hardirq,\t 0% idle\nModules linked in:\nirq event stamp: 73096\nhardirqs last enabled at (73095): [] console_emit_next_record kernel/printk/printk.c:2935 [inline]\nhardirqs last enabled at (73095): [] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994\nhardirqs last disabled at (73096): [] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\nhardirqs last disabled at (73096): [] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\nsoftirqs last enabled at (73048): [] softirq_handle_end kernel/softirq.c:400 [inline]\nsoftirqs last enabled at (73048): [] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582\nsoftirqs last disabled at (73043): [] __do_softirq+0x14/0x20 kernel/softirq.c:588\nCPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G W 6.10.0-rc2-syzkaller-g8867bbd4a056 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\n\nTesting showed that the problem did not occur if the two error\nmessages -- the first two lines above -- were removed; apparently adding\nmaterial to the kernel log takes a surprisingly large amount of time.\n\nIn any case, the best approach for preventing these lockups and to\navoid spamming the log with thousands of error messages per second is\nto ratelimit the two dev_err() calls. 
Therefore we replace them with\ndev_err_ratelimited().", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40904" + }, + { + "cve":"CVE-2024-40905", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible race in __fib6_drop_pcpu_from()\n\nsyzbot found a race in __fib6_drop_pcpu_from() [1]\n\nIf compiler reads more than once (*ppcpu_rt),\nsecond read could read NULL, if another cpu clears\nthe value in rt6_get_pcpu_route().\n\nAdd a READ_ONCE() to prevent this race.\n\nAlso add rcu_read_lock()/rcu_read_unlock() because\nwe rely on RCU protection while dereferencing pcpu_rt.\n\n[1]\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range 
[0x0000000000000090-0x0000000000000097]\nCPU: 0 PID: 7543 Comm: kworker/u8:17 Not tainted 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nWorkqueue: netns cleanup_net\n RIP: 0010:__fib6_drop_pcpu_from.part.0+0x10a/0x370 net/ipv6/ip6_fib.c:984\nCode: f8 48 c1 e8 03 80 3c 28 00 0f 85 16 02 00 00 4d 8b 3f 4d 85 ff 74 31 e8 74 a7 fa f7 49 8d bf 90 00 00 00 48 89 f8 48 c1 e8 03 <80> 3c 28 00 0f 85 1e 02 00 00 49 8b 87 90 00 00 00 48 8b 0c 24 48\nRSP: 0018:ffffc900040df070 EFLAGS: 00010206\nRAX: 0000000000000012 RBX: 0000000000000001 RCX: ffffffff89932e16\nRDX: ffff888049dd1e00 RSI: ffffffff89932d7c RDI: 0000000000000091\nRBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000007\nR10: 0000000000000001 R11: 0000000000000006 R12: ffff88807fa080b8\nR13: fffffbfff1a9a07d R14: ffffed100ff41022 R15: 0000000000000001\nFS: 0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b32c26000 CR3: 000000005d56e000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n __fib6_drop_pcpu_from net/ipv6/ip6_fib.c:966 [inline]\n fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1027 [inline]\n fib6_purge_rt+0x7f2/0x9f0 net/ipv6/ip6_fib.c:1038\n fib6_del_route net/ipv6/ip6_fib.c:1998 [inline]\n fib6_del+0xa70/0x17b0 net/ipv6/ip6_fib.c:2043\n fib6_clean_node+0x426/0x5b0 net/ipv6/ip6_fib.c:2205\n fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2127\n fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2175\n fib6_clean_tree+0xd7/0x120 net/ipv6/ip6_fib.c:2255\n __fib6_clean_all+0x100/0x2d0 net/ipv6/ip6_fib.c:2271\n rt6_sync_down_dev net/ipv6/route.c:4906 [inline]\n rt6_disable_ip+0x7ed/0xa00 net/ipv6/route.c:4911\n addrconf_ifdown.isra.0+0x117/0x1b40 net/ipv6/addrconf.c:3855\n addrconf_notify+0x223/0x19e0 
net/ipv6/addrconf.c:3778\n notifier_call_chain+0xb9/0x410 kernel/notifier.c:93\n call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1992\n call_netdevice_notifiers_extack net/core/dev.c:2030 [inline]\n call_netdevice_notifiers net/core/dev.c:2044 [inline]\n dev_close_many+0x333/0x6a0 net/core/dev.c:1585\n unregister_netdevice_many_notify+0x46d/0x19f0 net/core/dev.c:11193\n unregister_netdevice_many net/core/dev.c:11276 [inline]\n default_device_exit_batch+0x85b/0xae0 net/core/dev.c:11759\n ops_exit_list+0x128/0x180 net/core/net_namespace.c:178\n cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40905" + }, + { + "cve":"CVE-2024-40912", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()\n\nThe ieee80211_sta_ps_deliver_wakeup() function takes sta->ps_lock to\nsynchronizes with ieee80211_tx_h_unicast_ps_buf() which is called from\nsoftirq context. However using only spin_lock() to get sta->ps_lock in\nieee80211_sta_ps_deliver_wakeup() does not prevent softirq to execute\non this same CPU, to run ieee80211_tx_h_unicast_ps_buf() and try to\ntake this same lock ending in deadlock. Below is an example of rcu stall\nthat arises in such situation.\n\n rcu: INFO: rcu_sched self-detected stall on CPU\n rcu: 2-....: (42413413 ticks this GP) idle=b154/1/0x4000000000000000 softirq=1763/1765 fqs=21206996\n rcu: (t=42586894 jiffies g=2057 q=362405 ncpus=4)\n CPU: 2 PID: 719 Comm: wpa_supplicant Tainted: G W 6.4.0-02158-g1b062f552873 #742\n Hardware name: RPT (r1) (DT)\n pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : queued_spin_lock_slowpath+0x58/0x2d0\n lr : invoke_tx_handlers_early+0x5b4/0x5c0\n sp : ffff00001ef64660\n x29: ffff00001ef64660 x28: ffff000009bc1070 x27: ffff000009bc0ad8\n x26: ffff000009bc0900 x25: ffff00001ef647a8 x24: 0000000000000000\n x23: ffff000009bc0900 x22: ffff000009bc0900 x21: ffff00000ac0e000\n x20: ffff00000a279e00 x19: ffff00001ef646e8 x18: 0000000000000000\n x17: ffff800016468000 x16: ffff00001ef608c0 x15: 0010533c93f64f80\n x14: 0010395c9faa3946 x13: 0000000000000000 x12: 00000000fa83b2da\n x11: 000000012edeceea x10: ffff0000010fbe00 x9 : 0000000000895440\n x8 : 000000000010533c x7 : ffff00000ad8b740 x6 : ffff00000c350880\n x5 : 0000000000000007 
x4 : 0000000000000001 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffff00000ac0e0e8\n Call trace:\n queued_spin_lock_slowpath+0x58/0x2d0\n ieee80211_tx+0x80/0x12c\n ieee80211_tx_pending+0x110/0x278\n tasklet_action_common.constprop.0+0x10c/0x144\n tasklet_action+0x20/0x28\n _stext+0x11c/0x284\n ____do_softirq+0xc/0x14\n call_on_irq_stack+0x24/0x34\n do_softirq_own_stack+0x18/0x20\n do_softirq+0x74/0x7c\n __local_bh_enable_ip+0xa0/0xa4\n _ieee80211_wake_txqs+0x3b0/0x4b8\n __ieee80211_wake_queue+0x12c/0x168\n ieee80211_add_pending_skbs+0xec/0x138\n ieee80211_sta_ps_deliver_wakeup+0x2a4/0x480\n ieee80211_mps_sta_status_update.part.0+0xd8/0x11c\n ieee80211_mps_sta_status_update+0x18/0x24\n sta_apply_parameters+0x3bc/0x4c0\n ieee80211_change_station+0x1b8/0x2dc\n nl80211_set_station+0x444/0x49c\n genl_family_rcv_msg_doit.isra.0+0xa4/0xfc\n genl_rcv_msg+0x1b0/0x244\n netlink_rcv_skb+0x38/0x10c\n genl_rcv+0x34/0x48\n netlink_unicast+0x254/0x2bc\n netlink_sendmsg+0x190/0x3b4\n ____sys_sendmsg+0x1e8/0x218\n ___sys_sendmsg+0x68/0x8c\n __sys_sendmsg+0x44/0x84\n __arm64_sys_sendmsg+0x20/0x28\n do_el0_svc+0x6c/0xe8\n el0_svc+0x14/0x48\n el0t_64_sync_handler+0xb0/0xb4\n el0t_64_sync+0x14c/0x150\n\nUsing spin_lock_bh()/spin_unlock_bh() instead prevents softirq to raise\non the same CPU that is holding the lock.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + 
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40912" + }, + { + "cve":"CVE-2024-40929", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: check n_ssids before accessing the ssids\n\nIn some versions of cfg80211, the ssids poinet might be a valid one even\nthough n_ssids is 0. Accessing the pointer in this case will cuase an\nout-of-bound access. Fix this by checking n_ssids first.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40929" + }, + { + "cve":"CVE-2024-40932", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos/vidi: fix memory leak in .get_modes()\n\nThe duplicated EDID is never freed. Fix it.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + 
"openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.9, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-40932" + }, + { + "cve":"CVE-2024-40941", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don't read past the mfuart notifcation\n\nIn case the firmware sends a notification that claims it has more data\nthan it has, we will 
read past that was allocated for the notification.\nRemove the print of the buffer, we won't see it by default. If needed,\nwe can see the content with tracing.\n\nThis was reported by KFENCE.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40941" + }, + { + "cve":"CVE-2024-40943", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix races between hole punching and AIO+DIO\n\nAfter commit \"ocfs2: return real error code in ocfs2_dio_wr_get_block\",\nfstests/generic/300 become from always failed to sometimes failed:\n\n========================================================================\n[ 473.293420 ] run fstests generic/300\n\n[ 475.296983 ] JBD2: Ignoring recovery information on journal\n[ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode.\n[ 
494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found\n[ 494.291609 ] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.\n[ 494.292018 ] OCFS2: File system is now read-only.\n[ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30\n[ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3\nfio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072\n=========================================================================\n\nIn __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten\nextents to a list. extents are also inserted into extent tree in\nocfs2_write_begin_nolock. Then another thread call fallocate to puch a\nhole at one of the unwritten extent. The extent at cpos was removed by\nocfs2_remove_extent(). At end io worker thread, ocfs2_search_extent_list\nfound there is no such extent at the cpos.\n\n T1 T2 T3\n inode lock\n ...\n insert extents\n ...\n inode unlock\nocfs2_fallocate\n __ocfs2_change_file_space\n inode lock\n lock ip_alloc_sem\n ocfs2_remove_inode_range inode\n ocfs2_remove_btree_range\n ocfs2_remove_extent\n ^---remove the extent at cpos 78723\n ...\n unlock ip_alloc_sem\n inode unlock\n ocfs2_dio_end_io\n ocfs2_dio_end_io_write\n lock ip_alloc_sem\n ocfs2_mark_extent_written\n ocfs2_change_extent_flag\n ocfs2_search_extent_list\n ^---failed to find extent\n ...\n unlock ip_alloc_sem\n\nIn most filesystems, fallocate is not compatible with racing with AIO+DIO,\nso fix it by adding to wait for all dio before fallocate/punch_hole like\next4.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40943" + }, + { + "cve":"CVE-2024-40968", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: Octeon: Add PCIe link status check\n\nThe standard PCIe configuration read-write interface is used to\naccess the configuration space of the peripheral PCIe devices\nof the mips processor after the PCIe link surprise down, it can\ngenerate kernel panic caused by \"Data bus error\". 
So it is\nnecessary to add PCIe link status check for system protection.\nWhen the PCIe link is down or in training, assigning a value\nof 0 to the configuration address can prevent read-write behavior\nto the configuration space of peripheral PCIe devices, thereby\npreventing kernel panic.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", 
+ "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40968" + }, + { + "cve":"CVE-2024-40974", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Enforce hcall result buffer validity and size\n\nplpar_hcall(), plpar_hcall9(), and related functions expect callers to\nprovide valid result buffers of certain minimum size. 
Currently this\nis communicated only through comments in the code and the compiler has\nno idea.\n\nFor example, if I write a bug like this:\n\n long retbuf[PLPAR_HCALL_BUFSIZE]; // should be PLPAR_HCALL9_BUFSIZE\n plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf, ...);\n\nThis compiles with no diagnostics emitted, but likely results in stack\ncorruption at runtime when plpar_hcall9() stores results past the end\nof the array. (To be clear this is a contrived example and I have not\nfound a real instance yet.)\n\nTo make this class of error less likely, we can use explicitly-sized\narray parameters instead of pointers in the declarations for the hcall\nAPIs. When compiled with -Warray-bounds[1], the code above now\nprovokes a diagnostic like this:\n\nerror: array argument is too small;\nis of size 32, callee requires at least 72 [-Werror,-Warray-bounds]\n 60 | plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf,\n | ^ ~~~~~~\n\n[1] Enabled for LLVM builds but not GCC for now. See commit\n 0da6e5fd6c37 (\"gcc: disable '-Warray-bounds' for gcc-13 too\") and\n related changes.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + 
"openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40974" + }, + { + "cve":"CVE-2024-40983", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: force a dst refcount before doing decryption\n\nAs it says in commit 3bc07321ccc2 (\"xfrm: Force a dst refcount before\nentering the xfrm type handlers\"):\n\n\"Crypto requests might return asynchronous. In this case we leave the\n rcu protected region, so force a refcount on the skb's destination\n entry before we enter the xfrm type input/output handlers.\"\n\nOn TIPC decryption path it has the same problem, and skb_dst_force()\nshould be called before doing decryption to avoid a possible crash.\n\nShuang reported this issue when this warning is triggered:\n\n [] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n [] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug\n [] Workqueue: crypto cryptd_queue_worker\n [] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n [] Call Trace:\n [] tipc_sk_mcast_rcv+0x548/0xea0 [tipc]\n [] tipc_rcv+0xcf5/0x1060 [tipc]\n [] tipc_aead_decrypt_done+0x215/0x2e0 [tipc]\n [] cryptd_aead_crypt+0xdb/0x190\n [] cryptd_queue_worker+0xed/0x190\n [] process_one_work+0x93d/0x17e0", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40983" + }, + { + "cve":"CVE-2024-40984", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Revert \"ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.\"\n\nUndo the modifications made in commit d410ee5109a1 (\"ACPICA: avoid\n\"Info: mapping multiple BARs. Your kernel is fine.\"\"). The initial\npurpose of this commit was to stop memory mappings for operation\nregions from overlapping page boundaries, as it can trigger warnings\nif different page attributes are present.\n\nHowever, it was found that when this situation arises, mapping\ncontinues until the boundary's end, but there is still an attempt to\nread/write the entire length of the map, leading to a NULL pointer\ndeference. For example, if a four-byte mapping request is made but\nonly one byte is mapped because it hits the current page boundary's\nend, a four-byte read/write attempt is still made, resulting in a NULL\npointer deference.\n\nInstead, map the entire length, as the ACPI specification does not\nmandate that it must be within the same page boundary. 
It is\npermissible for it to be mapped across different regions.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40984" + }, + { + "cve":"CVE-2024-40987", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix UBSAN warning in kv_dpm.c\n\nAdds bounds check for sumo_vid_mapping_entry.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40987" + }, + { + "cve":"CVE-2024-41004", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Build event generation tests only as modules\n\nThe kprobes and synth event generation test modules add events and lock\n(get a reference) those event file reference in module init function,\nand unlock and delete it in module exit function. This is because those\nare designed for playing as modules.\n\nIf we make those modules as built-in, those events are left locked in the\nkernel, and never be removed. 
This causes kprobe event self-test failure\nas below.\n\n[ 97.349708] ------------[ cut here ]------------\n[ 97.353453] WARNING: CPU: 3 PID: 1 at kernel/trace/trace_kprobe.c:2133 kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.357106] Modules linked in:\n[ 97.358488] CPU: 3 PID: 1 Comm: swapper/0 Not tainted 6.9.0-g699646734ab5-dirty #14\n[ 97.361556] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n[ 97.363880] RIP: 0010:kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.365538] Code: a8 24 08 82 e9 ae fd ff ff 90 0f 0b 90 48 c7 c7 e5 aa 0b 82 e9 ee fc ff ff 90 0f 0b 90 48 c7 c7 2d 61 06 82 e9 8e fd ff ff 90 <0f> 0b 90 48 c7 c7 33 0b 0c 82 89 c6 e8 6e 03 1f ff 41 ff c7 e9 90\n[ 97.370429] RSP: 0000:ffffc90000013b50 EFLAGS: 00010286\n[ 97.371852] RAX: 00000000fffffff0 RBX: ffff888005919c00 RCX: 0000000000000000\n[ 97.373829] RDX: ffff888003f40000 RSI: ffffffff8236a598 RDI: ffff888003f40a68\n[ 97.375715] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n[ 97.377675] R10: ffffffff811c9ae5 R11: ffffffff8120c4e0 R12: 0000000000000000\n[ 97.379591] R13: 0000000000000001 R14: 0000000000000015 R15: 0000000000000000\n[ 97.381536] FS: 0000000000000000(0000) GS:ffff88807dcc0000(0000) knlGS:0000000000000000\n[ 97.383813] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 97.385449] CR2: 0000000000000000 CR3: 0000000002244000 CR4: 00000000000006b0\n[ 97.387347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 97.389277] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 97.391196] Call Trace:\n[ 97.391967] \n[ 97.392647] ? __warn+0xcc/0x180\n[ 97.393640] ? kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.395181] ? report_bug+0xbd/0x150\n[ 97.396234] ? handle_bug+0x3e/0x60\n[ 97.397311] ? exc_invalid_op+0x1a/0x50\n[ 97.398434] ? asm_exc_invalid_op+0x1a/0x20\n[ 97.399652] ? trace_kprobe_is_busy+0x20/0x20\n[ 97.400904] ? tracing_reset_all_online_cpus+0x15/0x90\n[ 97.402304] ? 
kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.403773] ? init_kprobe_trace+0x50/0x50\n[ 97.404972] do_one_initcall+0x112/0x240\n[ 97.406113] do_initcall_level+0x95/0xb0\n[ 97.407286] ? kernel_init+0x1a/0x1a0\n[ 97.408401] do_initcalls+0x3f/0x70\n[ 97.409452] kernel_init_freeable+0x16f/0x1e0\n[ 97.410662] ? rest_init+0x1f0/0x1f0\n[ 97.411738] kernel_init+0x1a/0x1a0\n[ 97.412788] ret_from_fork+0x39/0x50\n[ 97.413817] ? rest_init+0x1f0/0x1f0\n[ 97.414844] ret_from_fork_asm+0x11/0x20\n[ 97.416285] \n[ 97.417134] irq event stamp: 13437323\n[ 97.418376] hardirqs last enabled at (13437337): [] console_unlock+0x11c/0x150\n[ 97.421285] hardirqs last disabled at (13437370): [] console_unlock+0x101/0x150\n[ 97.423838] softirqs last enabled at (13437366): [] handle_softirqs+0x23f/0x2a0\n[ 97.426450] softirqs last disabled at (13437393): [] __irq_exit_rcu+0x66/0xd0\n[ 97.428850] ---[ end trace 0000000000000000 ]---\n\nAnd also, since we can not cleanup dynamic_event file, ftracetest are\nfailed too.\n\nTo avoid these issues, build these tests only as modules.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + 
"openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-41004" + }, + { + "cve":"CVE-2024-41005", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetpoll: Fix race condition in netpoll_owner_active\n\nKCSAN detected a race condition in netpoll:\n\n\tBUG: KCSAN: data-race in net_rx_action / netpoll_send_skb\n\twrite (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:\n\tnet_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)\n\n\tread to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:\n\tnetpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)\n\tnetpoll_send_udp (net/core/netpoll.c:?)\n\n\tvalue changed: 0x0000000a -> 0xffffffff\n\nThis happens because netpoll_owner_active() needs to check if the\ncurrent CPU is the owner of the lock, touching napi->poll_owner\nnon atomically. 
The ->poll_owner field contains the current CPU holding\nthe lock.\n\nUse an atomic read to check if the poll owner is the current CPU.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-41005" + }, + { + "cve":"CVE-2024-41007", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: avoid too many retransmit packets\n\nIf a TCP socket is using TCP_USER_TIMEOUT, and the other peer\nretracted its window to zero, tcp_retransmit_timer() can\nretransmit a packet every two jiffies (2 ms for HZ=1000),\nfor about 4 minutes after TCP_USER_TIMEOUT has 'expired'.\n\nThe fix is to make sure tcp_rtx_probe0_timed_out() takes\nicsk->icsk_user_timeout into account.\n\nBefore blamed commit, the socket would not timeout after\nicsk->icsk_user_timeout, but would use 
standard exponential\nbackoff for the retransmits.\n\nAlso worth noting that before commit e89688e3e978 (\"net: tcp:\nfix unexcepted socket die when snd_wnd is 0\"), the issue\nwould last 2 minutes instead of 4.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.3, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-41007" + }, + { + "cve":"CVE-2024-41009", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:bpf: Fix overrunning reservations in ringbufThe BPF ring buffer internally is implemented as a power-of-2 sized circularbuffer, with two logical and ever-increasing counters: consumer_pos is theconsumer counter to show which logical position the consumer consumed thedata, and producer_pos which is the producer counter denoting the amount ofdata reserved by all producers.Each time a record is reserved, the producer that owns the record willsuccessfully advance producer counter. 
In user space each time a record isread, the consumer of the data advanced the consumer counter once it finishedprocessing. Both counters are stored in separate pages so that from userspace, the producer counter is read-only and the consumer counter is read-write.One aspect that simplifies and thus speeds up the implementation of bothproducers and consumers is how the data area is mapped twice contiguouslyback-to-back in the virtual memory, allowing to not take any special measuresfor samples that have to wrap around at the end of the circular buffer dataarea, because the next page after the last data page would be first data pageagain, and thus the sample will still appear completely contiguous in virtualmemory.Each record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header forbook-keeping the length and offset, and is inaccessible to the BPF program.Helpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`for the BPF program to use. Bing-Jhong and Muhammad reported that it is howeverpossible to make a second allocated memory chunk overlapping with the firstchunk and as a result, the BPF program is now able to edit first chunk sheader.For example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with sizeof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call tobpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, letsallocate a chunk B with size 0x3000. This will succeed because consumer_poswas edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`check. Chunk B will be in range [0x3008,0x6010], and the BPF program is ableto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentionedearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same datapages. 
This means that chunk B at [0x4000,0x4008] is chunk A s header.bpf_ringbuf_submit() / bpf_ringbuf_discard() use the header s pg_off to thenlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunkB modified chunk A s header, then bpf_ringbuf_commit() refers to the wrongpage and could cause a crash.Fix it by calculating the oldest pending_pos and check whether the rangefrom the oldest outstanding record to the newest would span beyond the ringbuffer size. If that is the case, then reject the request. We ve tested withthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)before/after the fix and while it seems a bit slower on some benchmarks, itis still not significantly enough to matter.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + 
"openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-41009" + } + ] +} \ No newline at end of file 
diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1895.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1895.json
new file mode 100644
index 0000000..49552a6
--- /dev/null
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1895.json
@@ -0,0 +1,4276 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"kernel security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for kernel is now available for openEuler-20.03-LTS-SP4", + "category":"general", + "title":"Summary" + }, + { + "text":"The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnfc: fix segfault in nfc_genl_dump_devices_done\n\nWhen kmalloc in nfc_genl_dump_devices() fails then\nnfc_genl_dump_devices_done() segfaults as below\n\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 0 PID: 25 Comm: kworker/0:1 Not tainted 5.16.0-rc4-01180-g2a987e65025e-dirty #5\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-6.fc35 04/01/2014\nWorkqueue: events netlink_sock_destruct_work\nRIP: 0010:klist_iter_exit+0x26/0x80\nCall Trace:\n\nclass_dev_iter_exit+0x15/0x20\nnfc_genl_dump_devices_done+0x3b/0x50\ngenl_lock_done+0x84/0xd0\nnetlink_sock_destruct+0x8f/0x270\n__sk_destruct+0x64/0x3b0\nsk_destruct+0xa8/0xd0\n__sk_free+0x2e8/0x3d0\nsk_free+0x51/0x90\nnetlink_sock_destruct_work+0x1c/0x20\nprocess_one_work+0x411/0x710\nworker_thread+0x6fd/0xa80(CVE-2021-47612)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj\n\nkobject_init_and_add() takes reference even when it fails.\nAccording to the doc of kobject_init_and_add()?\n\n If this function returns an error, kobject_put() must be called to\n properly clean up the memory associated with the object.\n\nFix memory leak by calling kobject_put().(CVE-2022-48775)\n\nIn the Linux kernel, the following 
vulnerability has been resolved:\n\nnvme-rdma: fix possible use-after-free in transport error_recovery work\n\nWhile nvme_rdma_submit_async_event_work is checking the ctrl and queue\nstate before preparing the AER command and scheduling io_work, in order\nto fully prevent a race where this check is not reliable the error\nrecovery work must flush async_event_work before continuing to destroy\nthe admin queue after setting the ctrl state to RESETTING such that\nthere is no race .submit_async_event and the error recovery handler\nitself changing the ctrl state.(CVE-2022-48788)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: Fix use-after-free bug by not setting udc->dev.driver\n\nThe syzbot fuzzer found a use-after-free bug:\n\nBUG: KASAN: use-after-free in dev_uevent+0x712/0x780 drivers/base/core.c:2320\nRead of size 8 at addr ffff88802b934098 by task udevd/3689\n\nCPU: 2 PID: 3689 Comm: udevd Not tainted 5.17.0-rc4-syzkaller-00229-g4f12b742eb2b #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description.constprop.0.cold+0x8d/0x303 mm/kasan/report.c:255\n __kasan_report mm/kasan/report.c:442 [inline]\n kasan_report.cold+0x83/0xdf mm/kasan/report.c:459\n dev_uevent+0x712/0x780 drivers/base/core.c:2320\n uevent_show+0x1b8/0x380 drivers/base/core.c:2391\n dev_attr_show+0x4b/0x90 drivers/base/core.c:2094\n\nAlthough the bug manifested in the driver core, the real cause was a\nrace with the gadget core. dev_uevent() does:\n\n\tif (dev->driver)\n\t\tadd_uevent_var(env, \"DRIVER=%s\", dev->driver->name);\n\nand between the test and the dereference of dev->driver, the gadget\ncore sets dev->driver to NULL.\n\nThe race wouldn't occur if the gadget core registered its devices on\na real bus, using the standard synchronization techniques of the\ndriver core. 
However, it's not necessary to make such a large change\nin order to fix this bug; all we need to do is make sure that\nudc->dev.driver is always NULL.\n\nIn fact, there is no reason for udc->dev.driver ever to be set to\nanything, let alone to the value it currently gets: the address of the\ngadget's driver. After all, a gadget driver only knows how to manage\na gadget, not how to manage a UDC.\n\nThis patch simply removes the statements in the gadget core that touch\nudc->dev.driver.(CVE-2022-48838)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nsctp: fix kernel-infoleak for SCTP sockets\n\nsyzbot reported a kernel infoleak [1] of 4 bytes.\n\nAfter analysis, it turned out r->idiag_expires is not initialized\nif inet_sctp_diag_fill() calls inet_diag_msg_common_fill()\n\nMake sure to clear idiag_timer/idiag_retrans/idiag_expires\nand let inet_diag_msg_sctpasoc_fill() fill them again if needed.\n\n[1]\n\nBUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]\nBUG: KMSAN: kernel-infoleak in copyout lib/iov_iter.c:154 [inline]\nBUG: KMSAN: kernel-infoleak in _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:668\n instrument_copy_to_user include/linux/instrumented.h:121 [inline]\n copyout lib/iov_iter.c:154 [inline]\n _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:668\n copy_to_iter include/linux/uio.h:162 [inline]\n simple_copy_to_iter+0xf3/0x140 net/core/datagram.c:519\n __skb_datagram_iter+0x2d5/0x11b0 net/core/datagram.c:425\n skb_copy_datagram_iter+0xdc/0x270 net/core/datagram.c:533\n skb_copy_datagram_msg include/linux/skbuff.h:3696 [inline]\n netlink_recvmsg+0x669/0x1c80 net/netlink/af_netlink.c:1977\n sock_recvmsg_nosec net/socket.c:948 [inline]\n sock_recvmsg net/socket.c:966 [inline]\n __sys_recvfrom+0x795/0xa10 net/socket.c:2097\n __do_sys_recvfrom net/socket.c:2115 [inline]\n __se_sys_recvfrom net/socket.c:2111 [inline]\n __x64_sys_recvfrom+0x19d/0x210 net/socket.c:2111\n do_syscall_x64 
arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nUninit was created at:\n slab_post_alloc_hook mm/slab.h:737 [inline]\n slab_alloc_node mm/slub.c:3247 [inline]\n __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4975\n kmalloc_reserve net/core/skbuff.c:354 [inline]\n __alloc_skb+0x545/0xf90 net/core/skbuff.c:426\n alloc_skb include/linux/skbuff.h:1158 [inline]\n netlink_dump+0x3e5/0x16c0 net/netlink/af_netlink.c:2248\n __netlink_dump_start+0xcf8/0xe90 net/netlink/af_netlink.c:2373\n netlink_dump_start include/linux/netlink.h:254 [inline]\n inet_diag_handler_cmd+0x2e7/0x400 net/ipv4/inet_diag.c:1341\n sock_diag_rcv_msg+0x24a/0x620\n netlink_rcv_skb+0x40c/0x7e0 net/netlink/af_netlink.c:2494\n sock_diag_rcv+0x63/0x80 net/core/sock_diag.c:277\n netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]\n netlink_unicast+0x1093/0x1360 net/netlink/af_netlink.c:1343\n netlink_sendmsg+0x14d9/0x1720 net/netlink/af_netlink.c:1919\n sock_sendmsg_nosec net/socket.c:705 [inline]\n sock_sendmsg net/socket.c:725 [inline]\n sock_write_iter+0x594/0x690 net/socket.c:1061\n do_iter_readv_writev+0xa7f/0xc70\n do_iter_write+0x52c/0x1500 fs/read_write.c:851\n vfs_writev fs/read_write.c:924 [inline]\n do_writev+0x645/0xe00 fs/read_write.c:967\n __do_sys_writev fs/read_write.c:1040 [inline]\n __se_sys_writev fs/read_write.c:1037 [inline]\n __x64_sys_writev+0xe5/0x120 fs/read_write.c:1037\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nBytes 68-71 of 2508 are uninitialized\nMemory access of size 2508 starts at ffff888114f9b000\nData copied to user address 00007f7fe09ff2e0\n\nCPU: 1 PID: 3478 Comm: syz-executor306 Not tainted 5.17.0-rc4-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011(CVE-2022-48855)\n\nIn the Linux kernel, the following 
vulnerability has been resolved:\n\ngianfar: ethtool: Fix refcount leak in gfar_get_ts_info\n\nThe of_find_compatible_node() function returns a node pointer with\nrefcount incremented, We should use of_node_put() on it when done\nAdd the missing of_node_put() to release the refcount.(CVE-2022-48856)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix kernel panic when enabling bearer\n\nWhen enabling a bearer on a node, a kernel panic is observed:\n\n[ 4.498085] RIP: 0010:tipc_mon_prep+0x4e/0x130 [tipc]\n...\n[ 4.520030] Call Trace:\n[ 4.520689] \n[ 4.521236] tipc_link_build_proto_msg+0x375/0x750 [tipc]\n[ 4.522654] tipc_link_build_state_msg+0x48/0xc0 [tipc]\n[ 4.524034] __tipc_node_link_up+0xd7/0x290 [tipc]\n[ 4.525292] tipc_rcv+0x5da/0x730 [tipc]\n[ 4.526346] ? __netif_receive_skb_core+0xb7/0xfc0\n[ 4.527601] tipc_l2_rcv_msg+0x5e/0x90 [tipc]\n[ 4.528737] __netif_receive_skb_list_core+0x20b/0x260\n[ 4.530068] netif_receive_skb_list_internal+0x1bf/0x2e0\n[ 4.531450] ? dev_gro_receive+0x4c2/0x680\n[ 4.532512] napi_complete_done+0x6f/0x180\n[ 4.533570] virtnet_poll+0x29c/0x42e [virtio_net]\n...\n\nThe node in question is receiving activate messages in another\nthread after changing bearer status to allow message sending/\nreceiving in current thread:\n\n thread 1 | thread 2\n -------- | --------\n |\ntipc_enable_bearer() |\n test_and_set_bit_lock() |\n tipc_bearer_xmit_skb() |\n | tipc_l2_rcv_msg()\n | tipc_rcv()\n | __tipc_node_link_up()\n | tipc_link_build_state_msg()\n | tipc_link_build_proto_msg()\n | tipc_mon_prep()\n | {\n | ...\n | // null-pointer dereference\n | u16 gen = mon->dom_gen;\n | ...\n | }\n // Not being executed yet |\n tipc_mon_create() |\n { |\n ... |\n // allocate |\n mon = kzalloc(); |\n ... |\n } |\n\nMonitoring pointer in thread 2 is dereferenced before monitoring data\nis allocated in thread 1. 
This causes kernel panic.\n\nThis commit fixes it by allocating the monitoring data before enabling\nthe bearer to receive messages.(CVE-2022-48865)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: fix possible dead-lock in nr_rt_ioctl()\n\nsyzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]\n\nMake sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)\n\n[1]\nWARNING: possible circular locking dependency detected\n6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted\n------------------------------------------------------\nsyz-executor350/5129 is trying to acquire lock:\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n\nbut task is already holding lock:\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #1 (nr_node_list_lock){+...}-{2:2}:\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n nr_remove_node net/netrom/nr_route.c:299 [inline]\n nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355\n nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683\n sock_do_ioctl+0x158/0x460 
net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n-> #0 (&nr_node->node_lock){+...}-{2:2}:\n check_prev_add kernel/locking/lockdep.c:3134 [inline]\n check_prevs_add kernel/locking/lockdep.c:3253 [inline]\n validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869\n __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n nr_node_lock include/net/netrom.h:152 [inline]\n nr_dec_obs net/netrom/nr_route.c:464 [inline]\n nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(nr_node_list_lock);\n lock(&nr_node->node_lock);\n lock(nr_node_list_lock);\n lock(&nr_node->node_lock);\n\n *** DEADLOCK ***\n\n1 lock held by syz-executor350/5129:\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n #0: ffffffff8f70\n---truncated---(CVE-2024-38589)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - Fix 
ADF_DEV_RESET_SYNC memory leak\n\nUsing completion_done to determine whether the caller has gone\naway only works after a complete call. Furthermore it's still\npossible that the caller has not yet called wait_for_completion,\nresulting in another potential UAF.\n\nFix this by making the caller use cancel_work_sync and then freeing\nthe memory safely.(CVE-2024-39493)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nima: Fix use-after-free on a dentry's dname.name\n\n->d_name.name can change on rename and the earlier value can be freed;\nthere are conditions sufficient to stabilize it (->d_lock on dentry,\n->d_lock on its parent, ->i_rwsem exclusive on the parent's inode,\nrename_lock), but none of those are met at any of the sites. Take a stable\nsnapshot of the name instead.(CVE-2024-39494)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nvmci: prevent speculation leaks by sanitizing event in event_deliver()\n\nCoverity spotted that event_msg is controlled by user-space,\nevent_msg->event_data.event is passed to event_deliver() and used\nas an index without sanitization.\n\nThis change ensures that the event index is sanitized to mitigate any\npossibility of speculative information leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.\n\nOnly compile tested, no access to HW.(CVE-2024-39499)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nUSB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages\n\nThe syzbot fuzzer found that the interrupt-URB completion callback in\nthe cdc-wdm driver was taking too long, and the driver's immediate\nresubmission of interrupt URBs with -EPROTO status combined with the\ndummy-hcd emulation to cause a CPU lockup:\n\ncdc_wdm 1-1:1.0: nonzero urb status received: -71\ncdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes\nwatchdog: BUG: soft lockup - CPU#0 stuck for 26s! 
[syz-executor782:6625]\nCPU#0 Utilization every 4s during lockup:\n\t#1: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#2: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#3: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#4: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#5: 98% system,\t 1% softirq,\t 3% hardirq,\t 0% idle\nModules linked in:\nirq event stamp: 73096\nhardirqs last enabled at (73095): [] console_emit_next_record kernel/printk/printk.c:2935 [inline]\nhardirqs last enabled at (73095): [] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994\nhardirqs last disabled at (73096): [] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\nhardirqs last disabled at (73096): [] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\nsoftirqs last enabled at (73048): [] softirq_handle_end kernel/softirq.c:400 [inline]\nsoftirqs last enabled at (73048): [] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582\nsoftirqs last disabled at (73043): [] __do_softirq+0x14/0x20 kernel/softirq.c:588\nCPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G W 6.10.0-rc2-syzkaller-g8867bbd4a056 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\n\nTesting showed that the problem did not occur if the two error\nmessages -- the first two lines above -- were removed; apparently adding\nmaterial to the kernel log takes a surprisingly large amount of time.\n\nIn any case, the best approach for preventing these lockups and to\navoid spamming the log with thousands of error messages per second is\nto ratelimit the two dev_err() calls. Therefore we replace them with\ndev_err_ratelimited().(CVE-2024-40904)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()\n\nThe ieee80211_sta_ps_deliver_wakeup() function takes sta->ps_lock to\nsynchronizes with ieee80211_tx_h_unicast_ps_buf() which is called from\nsoftirq context. 
However using only spin_lock() to get sta->ps_lock in\nieee80211_sta_ps_deliver_wakeup() does not prevent softirq to execute\non this same CPU, to run ieee80211_tx_h_unicast_ps_buf() and try to\ntake this same lock ending in deadlock. Below is an example of rcu stall\nthat arises in such situation.\n\n rcu: INFO: rcu_sched self-detected stall on CPU\n rcu: 2-....: (42413413 ticks this GP) idle=b154/1/0x4000000000000000 softirq=1763/1765 fqs=21206996\n rcu: (t=42586894 jiffies g=2057 q=362405 ncpus=4)\n CPU: 2 PID: 719 Comm: wpa_supplicant Tainted: G W 6.4.0-02158-g1b062f552873 #742\n Hardware name: RPT (r1) (DT)\n pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : queued_spin_lock_slowpath+0x58/0x2d0\n lr : invoke_tx_handlers_early+0x5b4/0x5c0\n sp : ffff00001ef64660\n x29: ffff00001ef64660 x28: ffff000009bc1070 x27: ffff000009bc0ad8\n x26: ffff000009bc0900 x25: ffff00001ef647a8 x24: 0000000000000000\n x23: ffff000009bc0900 x22: ffff000009bc0900 x21: ffff00000ac0e000\n x20: ffff00000a279e00 x19: ffff00001ef646e8 x18: 0000000000000000\n x17: ffff800016468000 x16: ffff00001ef608c0 x15: 0010533c93f64f80\n x14: 0010395c9faa3946 x13: 0000000000000000 x12: 00000000fa83b2da\n x11: 000000012edeceea x10: ffff0000010fbe00 x9 : 0000000000895440\n x8 : 000000000010533c x7 : ffff00000ad8b740 x6 : ffff00000c350880\n x5 : 0000000000000007 x4 : 0000000000000001 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffff00000ac0e0e8\n Call trace:\n queued_spin_lock_slowpath+0x58/0x2d0\n ieee80211_tx+0x80/0x12c\n ieee80211_tx_pending+0x110/0x278\n tasklet_action_common.constprop.0+0x10c/0x144\n tasklet_action+0x20/0x28\n _stext+0x11c/0x284\n ____do_softirq+0xc/0x14\n call_on_irq_stack+0x24/0x34\n do_softirq_own_stack+0x18/0x20\n do_softirq+0x74/0x7c\n __local_bh_enable_ip+0xa0/0xa4\n _ieee80211_wake_txqs+0x3b0/0x4b8\n __ieee80211_wake_queue+0x12c/0x168\n ieee80211_add_pending_skbs+0xec/0x138\n ieee80211_sta_ps_deliver_wakeup+0x2a4/0x480\n 
ieee80211_mps_sta_status_update.part.0+0xd8/0x11c\n ieee80211_mps_sta_status_update+0x18/0x24\n sta_apply_parameters+0x3bc/0x4c0\n ieee80211_change_station+0x1b8/0x2dc\n nl80211_set_station+0x444/0x49c\n genl_family_rcv_msg_doit.isra.0+0xa4/0xfc\n genl_rcv_msg+0x1b0/0x244\n netlink_rcv_skb+0x38/0x10c\n genl_rcv+0x34/0x48\n netlink_unicast+0x254/0x2bc\n netlink_sendmsg+0x190/0x3b4\n ____sys_sendmsg+0x1e8/0x218\n ___sys_sendmsg+0x68/0x8c\n __sys_sendmsg+0x44/0x84\n __arm64_sys_sendmsg+0x20/0x28\n do_el0_svc+0x6c/0xe8\n el0_svc+0x14/0x48\n el0t_64_sync_handler+0xb0/0xb4\n el0t_64_sync+0x14c/0x150\n\nUsing spin_lock_bh()/spin_unlock_bh() instead prevents softirq to raise\non the same CPU that is holding the lock.(CVE-2024-40912)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: check n_ssids before accessing the ssids\n\nIn some versions of cfg80211, the ssids poinet might be a valid one even\nthough n_ssids is 0. Accessing the pointer in this case will cuase an\nout-of-bound access. Fix this by checking n_ssids first.(CVE-2024-40929)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos/vidi: fix memory leak in .get_modes()\n\nThe duplicated EDID is never freed. Fix it.(CVE-2024-40932)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don't read past the mfuart notifcation\n\nIn case the firmware sends a notification that claims it has more data\nthan it has, we will read past that was allocated for the notification.\nRemove the print of the buffer, we won't see it by default. 
If needed,\nwe can see the content with tracing.\n\nThis was reported by KFENCE.(CVE-2024-40941)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix races between hole punching and AIO+DIO\n\nAfter commit \"ocfs2: return real error code in ocfs2_dio_wr_get_block\",\nfstests/generic/300 become from always failed to sometimes failed:\n\n========================================================================\n[ 473.293420 ] run fstests generic/300\n\n[ 475.296983 ] JBD2: Ignoring recovery information on journal\n[ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode.\n[ 494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found\n[ 494.291609 ] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.\n[ 494.292018 ] OCFS2: File system is now read-only.\n[ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30\n[ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3\nfio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072\n=========================================================================\n\nIn __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten\nextents to a list. extents are also inserted into extent tree in\nocfs2_write_begin_nolock. Then another thread call fallocate to puch a\nhole at one of the unwritten extent. The extent at cpos was removed by\nocfs2_remove_extent(). 
At end io worker thread, ocfs2_search_extent_list\nfound there is no such extent at the cpos.\n\n T1 T2 T3\n inode lock\n ...\n insert extents\n ...\n inode unlock\nocfs2_fallocate\n __ocfs2_change_file_space\n inode lock\n lock ip_alloc_sem\n ocfs2_remove_inode_range inode\n ocfs2_remove_btree_range\n ocfs2_remove_extent\n ^---remove the extent at cpos 78723\n ...\n unlock ip_alloc_sem\n inode unlock\n ocfs2_dio_end_io\n ocfs2_dio_end_io_write\n lock ip_alloc_sem\n ocfs2_mark_extent_written\n ocfs2_change_extent_flag\n ocfs2_search_extent_list\n ^---failed to find extent\n ...\n unlock ip_alloc_sem\n\nIn most filesystems, fallocate is not compatible with racing with AIO+DIO,\nso fix it by adding to wait for all dio before fallocate/punch_hole like\next4.(CVE-2024-40943)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: Octeon: Add PCIe link status check\n\nThe standard PCIe configuration read-write interface is used to\naccess the configuration space of the peripheral PCIe devices\nof the mips processor after the PCIe link surprise down, it can\ngenerate kernel panic caused by \"Data bus error\". So it is\nnecessary to add PCIe link status check for system protection.\nWhen the PCIe link is down or in training, assigning a value\nof 0 to the configuration address can prevent read-write behavior\nto the configuration space of peripheral PCIe devices, thereby\npreventing kernel panic.(CVE-2024-40968)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Enforce hcall result buffer validity and size\n\nplpar_hcall(), plpar_hcall9(), and related functions expect callers to\nprovide valid result buffers of certain minimum size. 
Currently this\nis communicated only through comments in the code and the compiler has\nno idea.\n\nFor example, if I write a bug like this:\n\n long retbuf[PLPAR_HCALL_BUFSIZE]; // should be PLPAR_HCALL9_BUFSIZE\n plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf, ...);\n\nThis compiles with no diagnostics emitted, but likely results in stack\ncorruption at runtime when plpar_hcall9() stores results past the end\nof the array. (To be clear this is a contrived example and I have not\nfound a real instance yet.)\n\nTo make this class of error less likely, we can use explicitly-sized\narray parameters instead of pointers in the declarations for the hcall\nAPIs. When compiled with -Warray-bounds[1], the code above now\nprovokes a diagnostic like this:\n\nerror: array argument is too small;\nis of size 32, callee requires at least 72 [-Werror,-Warray-bounds]\n 60 | plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf,\n | ^ ~~~~~~\n\n[1] Enabled for LLVM builds but not GCC for now. See commit\n 0da6e5fd6c37 (\"gcc: disable '-Warray-bounds' for gcc-13 too\") and\n related changes.(CVE-2024-40974)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Revert \"ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.\"\n\nUndo the modifications made in commit d410ee5109a1 (\"ACPICA: avoid\n\"Info: mapping multiple BARs. Your kernel is fine.\"\"). The initial\npurpose of this commit was to stop memory mappings for operation\nregions from overlapping page boundaries, as it can trigger warnings\nif different page attributes are present.\n\nHowever, it was found that when this situation arises, mapping\ncontinues until the boundary's end, but there is still an attempt to\nread/write the entire length of the map, leading to a NULL pointer\ndeference. 
For example, if a four-byte mapping request is made but\nonly one byte is mapped because it hits the current page boundary's\nend, a four-byte read/write attempt is still made, resulting in a NULL\npointer deference.\n\nInstead, map the entire length, as the ACPI specification does not\nmandate that it must be within the same page boundary. It is\npermissible for it to be mapped across different regions.(CVE-2024-40984)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix UBSAN warning in kv_dpm.c\n\nAdds bounds check for sumo_vid_mapping_entry.(CVE-2024-40987)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnetpoll: Fix race condition in netpoll_owner_active\n\nKCSAN detected a race condition in netpoll:\n\n\tBUG: KCSAN: data-race in net_rx_action / netpoll_send_skb\n\twrite (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:\n\tnet_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)\n\n\tread to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:\n\tnetpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)\n\tnetpoll_send_udp (net/core/netpoll.c:?)\n\n\tvalue changed: 0x0000000a -> 0xffffffff\n\nThis happens because netpoll_owner_active() needs to check if the\ncurrent CPU is the owner of the lock, touching napi->poll_owner\nnon atomically. 
The ->poll_owner field contains the current CPU holding\nthe lock.\n\nUse an atomic read to check if the poll owner is the current CPU.(CVE-2024-41005)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ntcp: avoid too many retransmit packets\n\nIf a TCP socket is using TCP_USER_TIMEOUT, and the other peer\nretracted its window to zero, tcp_retransmit_timer() can\nretransmit a packet every two jiffies (2 ms for HZ=1000),\nfor about 4 minutes after TCP_USER_TIMEOUT has 'expired'.\n\nThe fix is to make sure tcp_rtx_probe0_timed_out() takes\nicsk->icsk_user_timeout into account.\n\nBefore blamed commit, the socket would not timeout after\nicsk->icsk_user_timeout, but would use standard exponential\nbackoff for the retransmits.\n\nAlso worth noting that before commit e89688e3e978 (\"net: tcp:\nfix unexcepted socket die when snd_wnd is 0\"), the issue\nwould last 2 minutes instead of 4.(CVE-2024-41007)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for kernel is now available for openEuler-20.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"kernel", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1895", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895" + }, + { + "summary":"CVE-2021-47612", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-47612&packageName=kernel" + }, + { + "summary":"CVE-2022-48775", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48775&packageName=kernel" + }, + { + "summary":"CVE-2022-48788", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48788&packageName=kernel" + }, + { + "summary":"CVE-2022-48838", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48838&packageName=kernel" + }, + { + "summary":"CVE-2022-48855", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48855&packageName=kernel" + }, + { + "summary":"CVE-2022-48856", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48856&packageName=kernel" + }, + { + "summary":"CVE-2022-48865", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48865&packageName=kernel" + }, + { + "summary":"CVE-2024-38589", + "category":"self", + 
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38589&packageName=kernel" + }, + { + "summary":"CVE-2024-39493", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39493&packageName=kernel" + }, + { + "summary":"CVE-2024-39494", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39494&packageName=kernel" + }, + { + "summary":"CVE-2024-39499", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39499&packageName=kernel" + }, + { + "summary":"CVE-2024-40904", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40904&packageName=kernel" + }, + { + "summary":"CVE-2024-40912", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40912&packageName=kernel" + }, + { + "summary":"CVE-2024-40929", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40929&packageName=kernel" + }, + { + "summary":"CVE-2024-40932", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40932&packageName=kernel" + }, + { + "summary":"CVE-2024-40941", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40941&packageName=kernel" + }, + { + "summary":"CVE-2024-40943", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40943&packageName=kernel" + }, + { + "summary":"CVE-2024-40968", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40968&packageName=kernel" + }, + { + "summary":"CVE-2024-40974", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40974&packageName=kernel" + }, + { + "summary":"CVE-2024-40984", + "category":"self", + 
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40984&packageName=kernel" + }, + { + "summary":"CVE-2024-40987", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40987&packageName=kernel" + }, + { + "summary":"CVE-2024-41005", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41005&packageName=kernel" + }, + { + "summary":"CVE-2024-41007", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41007&packageName=kernel" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2021-47612" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48775" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48788" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48838" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48855" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48856" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48865" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38589" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39493" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39494" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39499" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40904" + }, + { + "summary":"nvd cve", + 
"category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40912" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40929" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40932" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40941" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40943" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40968" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40974" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40984" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40987" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41005" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41007" + }, + { + "summary":"openEuler-SA-2024-1895 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1895.json" + } + ], + "title":"An update for kernel is now available for openEuler-20.03-LTS-SP4", + "tracking":{ + "initial_release_date":"2024-07-26T20:58:42+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:58:42+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date": "2024-07-27T10:35:00+08:00", + "summary": "final", + "number": "2.0.0" + } + ], + "generator":{ + "date":"2024-07-27T10:35:00+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-27T10:35:00+08:00", + "id":"openEuler-SA-2024-1895", + "version":"2.0.0", + 
"status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"openEuler-20.03-LTS-SP4", + "name":"openEuler-20.03-LTS-SP4" + }, + "name":"openEuler-20.03-LTS-SP4", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "name":"bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm" + }, + "name":"bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "name":"bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm" + }, + "name":"bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "name":"kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm" + }, + "name":"kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "name":"kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm" + }, + "name":"kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + 
"product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "name":"kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm" + }, + "name":"kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "name":"kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm" + }, + "name":"kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "name":"kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm" + }, + "name":"kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "name":"kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm" + }, + "name":"kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "name":"kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm" + }, + "name":"kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + 
"product_id":"kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "name":"kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm" + }, + "name":"kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "name":"perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm" + }, + "name":"perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "name":"perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm" + }, + "name":"perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "name":"python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm" + }, + "name":"python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "name":"python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm" + }, + "name":"python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "name":"python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm" + }, + 
"name":"python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "name":"python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm" + }, + "name":"python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "name":"bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm" + }, + "name":"bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "name":"bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm" + }, + "name":"bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "name":"kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm" + }, + "name":"kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "name":"kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm" + }, + "name":"kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "category":"product_version" 
+ }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "name":"kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm" + }, + "name":"kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "name":"kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm" + }, + "name":"kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "name":"kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm" + }, + "name":"kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "name":"kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm" + }, + "name":"kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "name":"kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm" + }, + "name":"kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + 
"product_id":"kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "name":"kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm" + }, + "name":"kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "name":"perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm" + }, + "name":"perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "name":"perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm" + }, + "name":"perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "name":"python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm" + }, + "name":"python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "name":"python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm" + }, + "name":"python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "name":"python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm" + }, + 
"name":"python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "name":"python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm" + }, + "name":"python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-4.19.90-2407.5.0.0287.oe2003sp4.src.rpm", + "name":"kernel-4.19.90-2407.5.0.0287.oe2003sp4.src.rpm" + }, + "name":"kernel-4.19.90-2407.5.0.0287.oe2003sp4.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "name":"bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "name":"bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "name":"kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "name":"kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "name":"kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "name":"kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "name":"kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + 
"product_reference":"kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "name":"kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "name":"kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "name":"kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "name":"perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "name":"perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64 as a component of 
openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "name":"python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "name":"python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "name":"python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "name":"python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "name":"bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "name":"bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "name":"kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "name":"kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "name":"kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + 
"product_reference":"kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "name":"kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "name":"kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "name":"kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "name":"kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "name":"kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64 as a component of 
openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "name":"perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "name":"perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "name":"python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "name":"python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "name":"python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "name":"python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-4.19.90-2407.5.0.0287.oe2003sp4.src.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src", + "name":"kernel-4.19.90-2407.5.0.0287.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2021-47612", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: fix segfault in nfc_genl_dump_devices_done\n\nWhen kmalloc in nfc_genl_dump_devices() fails then\nnfc_genl_dump_devices_done() segfaults as below\n\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 0 PID: 25 Comm: kworker/0:1 Not tainted 5.16.0-rc4-01180-g2a987e65025e-dirty #5\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-6.fc35 04/01/2014\nWorkqueue: events netlink_sock_destruct_work\nRIP: 0010:klist_iter_exit+0x26/0x80\nCall 
Trace:\n\nclass_dev_iter_exit+0x15/0x20\nnfc_genl_dump_devices_done+0x3b/0x50\ngenl_lock_done+0x84/0xd0\nnetlink_sock_destruct+0x8f/0x270\n__sk_destruct+0x64/0x3b0\nsk_destruct+0xa8/0xd0\n__sk_free+0x2e8/0x3d0\nsk_free+0x51/0x90\nnetlink_sock_destruct_work+0x1c/0x20\nprocess_one_work+0x411/0x710\nworker_thread+0x6fd/0xa80", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.9, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2021-47612" + }, + { + "cve":"CVE-2022-48775", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj\n\nkobject_init_and_add() takes reference even when it fails.\nAccording to the doc of kobject_init_and_add()?\n\n If this function returns an error, kobject_put() must be called to\n properly clean up the memory associated with the object.\n\nFix memory leak by calling kobject_put().", + "category":"description", + "title":"Vulnerability Description" + } + ], + 
"product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.3, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + 
"version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2022-48775" + }, + { + "cve":"CVE-2022-48788", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-rdma: fix possible use-after-free in transport error_recovery work\n\nWhile nvme_rdma_submit_async_event_work is checking the ctrl and queue\nstate before preparing the AER command and scheduling io_work, in order\nto fully prevent a race where this check is not reliable the error\nrecovery work must flush async_event_work before continuing to destroy\nthe admin queue after setting the ctrl state to RESETTING such that\nthere is no race .submit_async_event and the error recovery handler\nitself changing the ctrl state.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.3, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", 
+ "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2022-48788" + }, + { + "cve":"CVE-2022-48838", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: Fix use-after-free bug by not setting udc->dev.driver\n\nThe syzbot fuzzer found a use-after-free bug:\n\nBUG: KASAN: use-after-free in dev_uevent+0x712/0x780 drivers/base/core.c:2320\nRead of size 8 at addr ffff88802b934098 by task udevd/3689\n\nCPU: 2 PID: 3689 Comm: udevd Not tainted 5.17.0-rc4-syzkaller-00229-g4f12b742eb2b #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description.constprop.0.cold+0x8d/0x303 mm/kasan/report.c:255\n __kasan_report mm/kasan/report.c:442 [inline]\n kasan_report.cold+0x83/0xdf mm/kasan/report.c:459\n dev_uevent+0x712/0x780 drivers/base/core.c:2320\n uevent_show+0x1b8/0x380 drivers/base/core.c:2391\n dev_attr_show+0x4b/0x90 drivers/base/core.c:2094\n\nAlthough the bug manifested in the driver core, the real cause was a\nrace with the gadget core. 
dev_uevent() does:\n\n\tif (dev->driver)\n\t\tadd_uevent_var(env, \"DRIVER=%s\", dev->driver->name);\n\nand between the test and the dereference of dev->driver, the gadget\ncore sets dev->driver to NULL.\n\nThe race wouldn't occur if the gadget core registered its devices on\na real bus, using the standard synchronization techniques of the\ndriver core. However, it's not necessary to make such a large change\nin order to fix this bug; all we need to do is make sure that\nudc->dev.driver is always NULL.\n\nIn fact, there is no reason for udc->dev.driver ever to be set to\nanything, let alone to the value it currently gets: the address of the\ngadget's driver. After all, a gadget driver only knows how to manage\na gadget, not how to manage a UDC.\n\nThis patch simply removes the statements in the gadget core that touch\nudc->dev.driver.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2022-48838" + }, + { + "cve":"CVE-2022-48855", + "notes":[ + { + 
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: fix kernel-infoleak for SCTP sockets\n\nsyzbot reported a kernel infoleak [1] of 4 bytes.\n\nAfter analysis, it turned out r->idiag_expires is not initialized\nif inet_sctp_diag_fill() calls inet_diag_msg_common_fill()\n\nMake sure to clear idiag_timer/idiag_retrans/idiag_expires\nand let inet_diag_msg_sctpasoc_fill() fill them again if needed.\n\n[1]\n\nBUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]\nBUG: KMSAN: kernel-infoleak in copyout lib/iov_iter.c:154 [inline]\nBUG: KMSAN: kernel-infoleak in _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:668\n instrument_copy_to_user include/linux/instrumented.h:121 [inline]\n copyout lib/iov_iter.c:154 [inline]\n _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:668\n copy_to_iter include/linux/uio.h:162 [inline]\n simple_copy_to_iter+0xf3/0x140 net/core/datagram.c:519\n __skb_datagram_iter+0x2d5/0x11b0 net/core/datagram.c:425\n skb_copy_datagram_iter+0xdc/0x270 net/core/datagram.c:533\n skb_copy_datagram_msg include/linux/skbuff.h:3696 [inline]\n netlink_recvmsg+0x669/0x1c80 net/netlink/af_netlink.c:1977\n sock_recvmsg_nosec net/socket.c:948 [inline]\n sock_recvmsg net/socket.c:966 [inline]\n __sys_recvfrom+0x795/0xa10 net/socket.c:2097\n __do_sys_recvfrom net/socket.c:2115 [inline]\n __se_sys_recvfrom net/socket.c:2111 [inline]\n __x64_sys_recvfrom+0x19d/0x210 net/socket.c:2111\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nUninit was created at:\n slab_post_alloc_hook mm/slab.h:737 [inline]\n slab_alloc_node mm/slub.c:3247 [inline]\n __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4975\n kmalloc_reserve net/core/skbuff.c:354 [inline]\n __alloc_skb+0x545/0xf90 net/core/skbuff.c:426\n alloc_skb include/linux/skbuff.h:1158 [inline]\n netlink_dump+0x3e5/0x16c0 net/netlink/af_netlink.c:2248\n 
__netlink_dump_start+0xcf8/0xe90 net/netlink/af_netlink.c:2373\n netlink_dump_start include/linux/netlink.h:254 [inline]\n inet_diag_handler_cmd+0x2e7/0x400 net/ipv4/inet_diag.c:1341\n sock_diag_rcv_msg+0x24a/0x620\n netlink_rcv_skb+0x40c/0x7e0 net/netlink/af_netlink.c:2494\n sock_diag_rcv+0x63/0x80 net/core/sock_diag.c:277\n netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]\n netlink_unicast+0x1093/0x1360 net/netlink/af_netlink.c:1343\n netlink_sendmsg+0x14d9/0x1720 net/netlink/af_netlink.c:1919\n sock_sendmsg_nosec net/socket.c:705 [inline]\n sock_sendmsg net/socket.c:725 [inline]\n sock_write_iter+0x594/0x690 net/socket.c:1061\n do_iter_readv_writev+0xa7f/0xc70\n do_iter_write+0x52c/0x1500 fs/read_write.c:851\n vfs_writev fs/read_write.c:924 [inline]\n do_writev+0x645/0xe00 fs/read_write.c:967\n __do_sys_writev fs/read_write.c:1040 [inline]\n __se_sys_writev fs/read_write.c:1037 [inline]\n __x64_sys_writev+0xe5/0x120 fs/read_write.c:1037\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nBytes 68-71 of 2508 are uninitialized\nMemory access of size 2508 starts at ffff888114f9b000\nData copied to user address 00007f7fe09ff2e0\n\nCPU: 1 PID: 3478 Comm: syz-executor306 Not tainted 5.17.0-rc4-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", 
+ "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.1, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", 
+ "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2022-48855" + }, + { + "cve":"CVE-2022-48856", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:gianfar: ethtool: Fix refcount leak in gfar_get_ts_infoThe of_find_compatible_node() function returns a node pointer withrefcount incremented, We should use of_node_put() on it when doneAdd the missing of_node_put() to release the refcount.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2022-48856" + }, + { + "cve":"CVE-2022-48865", + "notes":[ + { + 
"text":"In the Linux kernel, the following vulnerability has been resolved:tipc: fix kernel panic when enabling bearerWhen enabling a bearer on a node, a kernel panic is observed:[ 4.498085] RIP: 0010:tipc_mon_prep+0x4e/0x130 [tipc]...[ 4.520030] Call Trace:[ 4.520689] [ 4.521236] tipc_link_build_proto_msg+0x375/0x750 [tipc][ 4.522654] tipc_link_build_state_msg+0x48/0xc0 [tipc][ 4.524034] __tipc_node_link_up+0xd7/0x290 [tipc][ 4.525292] tipc_rcv+0x5da/0x730 [tipc][ 4.526346] ? __netif_receive_skb_core+0xb7/0xfc0[ 4.527601] tipc_l2_rcv_msg+0x5e/0x90 [tipc][ 4.528737] __netif_receive_skb_list_core+0x20b/0x260[ 4.530068] netif_receive_skb_list_internal+0x1bf/0x2e0[ 4.531450] ? dev_gro_receive+0x4c2/0x680[ 4.532512] napi_complete_done+0x6f/0x180[ 4.533570] virtnet_poll+0x29c/0x42e [virtio_net]...The node in question is receiving activate messages in anotherthread after changing bearer status to allow message sending/receiving in current thread: thread 1 | thread 2 -------- | -------- |tipc_enable_bearer() | test_and_set_bit_lock() | tipc_bearer_xmit_skb() | | tipc_l2_rcv_msg() | tipc_rcv() | __tipc_node_link_up() | tipc_link_build_state_msg() | tipc_link_build_proto_msg() | tipc_mon_prep() | { | ... | // null-pointer dereference | u16 gen = mon->dom_gen; | ... | } // Not being executed yet | tipc_mon_create() | { | ... | // allocate | mon = kzalloc(); | ... | } |Monitoring pointer in thread 2 is dereferenced before monitoring datais allocated in thread 1. 
This causes kernel panic.This commit fixes it by allocating the monitoring data before enablingthe bearer to receive messages.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ], + "details":"kernel security update", + "category":"vendor_fix", + 
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2022-48865" + }, + { + "cve":"CVE-2024-38589", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: fix possible dead-lock in nr_rt_ioctl()\n\nsyzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]\n\nMake sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)\n\n[1]\nWARNING: possible circular locking dependency detected\n6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted\n------------------------------------------------------\nsyz-executor350/5129 is trying to acquire lock:\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]\n ffff8880186e2070 
(&nr_node->node_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n\nbut task is already holding lock:\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #1 (nr_node_list_lock){+...}-{2:2}:\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n nr_remove_node net/netrom/nr_route.c:299 [inline]\n nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355\n nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n-> #0 (&nr_node->node_lock){+...}-{2:2}:\n check_prev_add kernel/locking/lockdep.c:3134 [inline]\n check_prevs_add kernel/locking/lockdep.c:3253 [inline]\n validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869\n __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n nr_node_lock include/net/netrom.h:152 
[inline]\n nr_dec_obs net/netrom/nr_route.c:464 [inline]\n nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(nr_node_list_lock);\n lock(&nr_node->node_lock);\n lock(nr_node_list_lock);\n lock(&nr_node->node_lock);\n\n *** DEADLOCK ***\n\n1 lock held by syz-executor350/5129:\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n #0: ffffffff8f70\n---truncated---", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + 
"openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + 
"title":"CVE-2024-38589" + }, + { + "cve":"CVE-2024-39493", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - Fix ADF_DEV_RESET_SYNC memory leak\n\nUsing completion_done to determine whether the caller has gone\naway only works after a complete call. Furthermore it's still\npossible that the caller has not yet called wait_for_completion,\nresulting in another potential UAF.\n\nFix this by making the caller use cancel_work_sync and then freeing\nthe memory safely.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.1, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39493" + }, + { + "cve":"CVE-2024-39494", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nima: Fix use-after-free on a dentry's dname.name\n\n->d_name.name can change on rename and the earlier value can be freed;\nthere are conditions sufficient to stabilize it (->d_lock on dentry,\n->d_lock on its parent, ->i_rwsem exclusive on the parent's 
inode,\nrename_lock), but none of those are met at any of the sites. Take a stable\nsnapshot of the name instead.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ], + "details":"kernel security update", + "category":"vendor_fix", + 
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.8, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2024-39494" + }, + { + "cve":"CVE-2024-39499", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nvmci: prevent speculation leaks by sanitizing event in event_deliver()\n\nCoverity spotted that event_msg is controlled by user-space,\nevent_msg->event_data.event is passed to event_deliver() and used\nas an index without sanitization.\n\nThis change ensures that the event index is sanitized to mitigate any\npossibility of speculative information leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.\n\nOnly compile tested, no access to HW.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + 
"openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + 
"openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39499" + }, + { + "cve":"CVE-2024-40904", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages\n\nThe syzbot fuzzer found that the interrupt-URB completion callback in\nthe cdc-wdm driver was taking too long, and the driver's immediate\nresubmission of interrupt URBs with -EPROTO status combined with the\ndummy-hcd emulation to cause a CPU lockup:\n\ncdc_wdm 1-1:1.0: nonzero urb status received: -71\ncdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes\nwatchdog: BUG: soft lockup - CPU#0 stuck for 26s! 
[syz-executor782:6625]\nCPU#0 Utilization every 4s during lockup:\n\t#1: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#2: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#3: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#4: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#5: 98% system,\t 1% softirq,\t 3% hardirq,\t 0% idle\nModules linked in:\nirq event stamp: 73096\nhardirqs last enabled at (73095): [] console_emit_next_record kernel/printk/printk.c:2935 [inline]\nhardirqs last enabled at (73095): [] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994\nhardirqs last disabled at (73096): [] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\nhardirqs last disabled at (73096): [] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\nsoftirqs last enabled at (73048): [] softirq_handle_end kernel/softirq.c:400 [inline]\nsoftirqs last enabled at (73048): [] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582\nsoftirqs last disabled at (73043): [] __do_softirq+0x14/0x20 kernel/softirq.c:588\nCPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G W 6.10.0-rc2-syzkaller-g8867bbd4a056 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\n\nTesting showed that the problem did not occur if the two error\nmessages -- the first two lines above -- were removed; apparently adding\nmaterial to the kernel log takes a surprisingly large amount of time.\n\nIn any case, the best approach for preventing these lockups and to\navoid spamming the log with thousands of error messages per second is\nto ratelimit the two dev_err() calls. 
Therefore we replace them with\ndev_err_ratelimited().", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ], + "details":"kernel security update", + "category":"vendor_fix", + 
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40904" + }, + { + "cve":"CVE-2024-40912", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()\n\nThe ieee80211_sta_ps_deliver_wakeup() function takes sta->ps_lock to\nsynchronizes with ieee80211_tx_h_unicast_ps_buf() which is called from\nsoftirq context. However using only spin_lock() to get sta->ps_lock in\nieee80211_sta_ps_deliver_wakeup() does not prevent softirq to execute\non this same CPU, to run ieee80211_tx_h_unicast_ps_buf() and try to\ntake this same lock ending in deadlock. 
Below is an example of rcu stall\nthat arises in such situation.\n\n rcu: INFO: rcu_sched self-detected stall on CPU\n rcu: 2-....: (42413413 ticks this GP) idle=b154/1/0x4000000000000000 softirq=1763/1765 fqs=21206996\n rcu: (t=42586894 jiffies g=2057 q=362405 ncpus=4)\n CPU: 2 PID: 719 Comm: wpa_supplicant Tainted: G W 6.4.0-02158-g1b062f552873 #742\n Hardware name: RPT (r1) (DT)\n pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : queued_spin_lock_slowpath+0x58/0x2d0\n lr : invoke_tx_handlers_early+0x5b4/0x5c0\n sp : ffff00001ef64660\n x29: ffff00001ef64660 x28: ffff000009bc1070 x27: ffff000009bc0ad8\n x26: ffff000009bc0900 x25: ffff00001ef647a8 x24: 0000000000000000\n x23: ffff000009bc0900 x22: ffff000009bc0900 x21: ffff00000ac0e000\n x20: ffff00000a279e00 x19: ffff00001ef646e8 x18: 0000000000000000\n x17: ffff800016468000 x16: ffff00001ef608c0 x15: 0010533c93f64f80\n x14: 0010395c9faa3946 x13: 0000000000000000 x12: 00000000fa83b2da\n x11: 000000012edeceea x10: ffff0000010fbe00 x9 : 0000000000895440\n x8 : 000000000010533c x7 : ffff00000ad8b740 x6 : ffff00000c350880\n x5 : 0000000000000007 x4 : 0000000000000001 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffff00000ac0e0e8\n Call trace:\n queued_spin_lock_slowpath+0x58/0x2d0\n ieee80211_tx+0x80/0x12c\n ieee80211_tx_pending+0x110/0x278\n tasklet_action_common.constprop.0+0x10c/0x144\n tasklet_action+0x20/0x28\n _stext+0x11c/0x284\n ____do_softirq+0xc/0x14\n call_on_irq_stack+0x24/0x34\n do_softirq_own_stack+0x18/0x20\n do_softirq+0x74/0x7c\n __local_bh_enable_ip+0xa0/0xa4\n _ieee80211_wake_txqs+0x3b0/0x4b8\n __ieee80211_wake_queue+0x12c/0x168\n ieee80211_add_pending_skbs+0xec/0x138\n ieee80211_sta_ps_deliver_wakeup+0x2a4/0x480\n ieee80211_mps_sta_status_update.part.0+0xd8/0x11c\n ieee80211_mps_sta_status_update+0x18/0x24\n sta_apply_parameters+0x3bc/0x4c0\n ieee80211_change_station+0x1b8/0x2dc\n nl80211_set_station+0x444/0x49c\n 
genl_family_rcv_msg_doit.isra.0+0xa4/0xfc\n genl_rcv_msg+0x1b0/0x244\n netlink_rcv_skb+0x38/0x10c\n genl_rcv+0x34/0x48\n netlink_unicast+0x254/0x2bc\n netlink_sendmsg+0x190/0x3b4\n ____sys_sendmsg+0x1e8/0x218\n ___sys_sendmsg+0x68/0x8c\n __sys_sendmsg+0x44/0x84\n __arm64_sys_sendmsg+0x20/0x28\n do_el0_svc+0x6c/0xe8\n el0_svc+0x14/0x48\n el0t_64_sync_handler+0xb0/0xb4\n el0t_64_sync+0x14c/0x150\n\nUsing spin_lock_bh()/spin_unlock_bh() instead prevents softirq to raise\non the same CPU that is holding the lock.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40912" + }, + { + "cve":"CVE-2024-40929", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: check n_ssids before accessing the ssids\n\nIn some versions of cfg80211, the ssids poinet might be a valid one even\nthough n_ssids is 0. Accessing the pointer in this case will cuase an\nout-of-bound access. 
Fix this by checking n_ssids first.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + 
"baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40929" + }, + { + "cve":"CVE-2024-40932", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos/vidi: fix memory leak in .get_modes()\n\nThe duplicated EDID is never freed. 
Fix it.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + 
"baseScore":3.9, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-40932" + }, + { + "cve":"CVE-2024-40941", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don't read past the mfuart notifcation\n\nIn case the firmware sends a notification that claims it has more data\nthan it has, we will read past that was allocated for the notification.\nRemove the print of the buffer, we won't see it by default. 
If needed,\nwe can see the content with tracing.\n\nThis was reported by KFENCE.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ], + "details":"kernel security update", + "category":"vendor_fix", + 
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40941" + }, + { + "cve":"CVE-2024-40943", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix races between hole punching and AIO+DIO\n\nAfter commit \"ocfs2: return real error code in ocfs2_dio_wr_get_block\",\nfstests/generic/300 become from always failed to sometimes failed:\n\n========================================================================\n[ 473.293420 ] run fstests generic/300\n\n[ 475.296983 ] JBD2: Ignoring recovery information on journal\n[ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode.\n[ 494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found\n[ 494.291609 ] On-disk corruption discovered. 
Please run fsck.ocfs2 once the filesystem is unmounted.\n[ 494.292018 ] OCFS2: File system is now read-only.\n[ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30\n[ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3\nfio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072\n=========================================================================\n\nIn __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten\nextents to a list. extents are also inserted into extent tree in\nocfs2_write_begin_nolock. Then another thread call fallocate to puch a\nhole at one of the unwritten extent. The extent at cpos was removed by\nocfs2_remove_extent(). At end io worker thread, ocfs2_search_extent_list\nfound there is no such extent at the cpos.\n\n T1 T2 T3\n inode lock\n ...\n insert extents\n ...\n inode unlock\nocfs2_fallocate\n __ocfs2_change_file_space\n inode lock\n lock ip_alloc_sem\n ocfs2_remove_inode_range inode\n ocfs2_remove_btree_range\n ocfs2_remove_extent\n ^---remove the extent at cpos 78723\n ...\n unlock ip_alloc_sem\n inode unlock\n ocfs2_dio_end_io\n ocfs2_dio_end_io_write\n lock ip_alloc_sem\n ocfs2_mark_extent_written\n ocfs2_change_extent_flag\n ocfs2_search_extent_list\n ^---failed to find extent\n ...\n unlock ip_alloc_sem\n\nIn most filesystems, fallocate is not compatible with racing with AIO+DIO,\nso fix it by adding to wait for all dio before fallocate/punch_hole like\next4.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40943" + }, + { + "cve":"CVE-2024-40968", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: Octeon: Add PCIe link status check\n\nThe standard PCIe configuration read-write interface is used to\naccess the configuration space of the peripheral PCIe devices\nof the mips processor after the PCIe link surprise down, it can\ngenerate kernel panic caused by \"Data bus error\". 
So it is\nnecessary to add PCIe link status check for system protection.\nWhen the PCIe link is down or in training, assigning a value\nof 0 to the configuration address can prevent read-write behavior\nto the configuration space of peripheral PCIe devices, thereby\npreventing kernel panic.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ], 
+ "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40968" + }, + { + "cve":"CVE-2024-40974", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Enforce hcall result buffer validity and size\n\nplpar_hcall(), plpar_hcall9(), and related functions expect callers to\nprovide valid result buffers of certain minimum size. 
Currently this\nis communicated only through comments in the code and the compiler has\nno idea.\n\nFor example, if I write a bug like this:\n\n long retbuf[PLPAR_HCALL_BUFSIZE]; // should be PLPAR_HCALL9_BUFSIZE\n plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf, ...);\n\nThis compiles with no diagnostics emitted, but likely results in stack\ncorruption at runtime when plpar_hcall9() stores results past the end\nof the array. (To be clear this is a contrived example and I have not\nfound a real instance yet.)\n\nTo make this class of error less likely, we can use explicitly-sized\narray parameters instead of pointers in the declarations for the hcall\nAPIs. When compiled with -Warray-bounds[1], the code above now\nprovokes a diagnostic like this:\n\nerror: array argument is too small;\nis of size 32, callee requires at least 72 [-Werror,-Warray-bounds]\n 60 | plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf,\n | ^ ~~~~~~\n\n[1] Enabled for LLVM builds but not GCC for now. See commit\n 0da6e5fd6c37 (\"gcc: disable '-Warray-bounds' for gcc-13 too\") and\n related changes.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + 
}, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + 
} + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40974" + }, + { + "cve":"CVE-2024-40984", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Revert \"ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.\"\n\nUndo the modifications made in commit d410ee5109a1 (\"ACPICA: avoid\n\"Info: mapping multiple BARs. Your kernel is fine.\"\"). The initial\npurpose of this commit was to stop memory mappings for operation\nregions from overlapping page boundaries, as it can trigger warnings\nif different page attributes are present.\n\nHowever, it was found that when this situation arises, mapping\ncontinues until the boundary's end, but there is still an attempt to\nread/write the entire length of the map, leading to a NULL pointer\ndeference. For example, if a four-byte mapping request is made but\nonly one byte is mapped because it hits the current page boundary's\nend, a four-byte read/write attempt is still made, resulting in a NULL\npointer deference.\n\nInstead, map the entire length, as the ACPI specification does not\nmandate that it must be within the same page boundary. 
It is\npermissible for it to be mapped across different regions.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ], + "details":"kernel security update", + "category":"vendor_fix", + 
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40984" + }, + { + "cve":"CVE-2024-40987", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix UBSAN warning in kv_dpm.c\n\nAdds bounds check for sumo_vid_mapping_entry.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", 
+ "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", 
+ "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40987" + }, + { + "cve":"CVE-2024-41005", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetpoll: Fix race condition in netpoll_owner_active\n\nKCSAN detected a race condition in netpoll:\n\n\tBUG: KCSAN: data-race in net_rx_action / netpoll_send_skb\n\twrite (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:\n\tnet_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)\n\n\tread to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:\n\tnetpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)\n\tnetpoll_send_udp (net/core/netpoll.c:?)\n\n\tvalue changed: 0x0000000a -> 0xffffffff\n\nThis happens because netpoll_owner_active() needs to check if the\ncurrent CPU is the owner of the lock, touching napi->poll_owner\nnon atomically. 
The ->poll_owner field contains the current CPU holding\nthe lock.\n\nUse an atomic read to check if the poll owner is the current CPU.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ], + "details":"kernel security update", + "category":"vendor_fix", + 
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-41005" + }, + { + "cve":"CVE-2024-41007", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: avoid too many retransmit packets\n\nIf a TCP socket is using TCP_USER_TIMEOUT, and the other peer\nretracted its window to zero, tcp_retransmit_timer() can\nretransmit a packet every two jiffies (2 ms for HZ=1000),\nfor about 4 minutes after TCP_USER_TIMEOUT has 'expired'.\n\nThe fix is to make sure tcp_rtx_probe0_timed_out() takes\nicsk->icsk_user_timeout into account.\n\nBefore blamed commit, the socket would not timeout after\nicsk->icsk_user_timeout, but would use standard exponential\nbackoff for the retransmits.\n\nAlso worth noting that before commit e89688e3e978 (\"net: tcp:\nfix unexcepted socket die when snd_wnd is 0\"), the issue\nwould last 2 minutes 
instead of 4.",
+ "category":"description",
+ "title":"Vulnerability Description"
+ }
+ ],
+ "product_status":{
+ "fixed":[
+ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src"
+ ]
+ },
+ "remediations":[
+ {
+ "product_ids":[
+ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src"
+ ],
+ "details":"kernel security update",
+ "category":"vendor_fix",
+ "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895"
+ }
+ ],
+ "scores":[
+ {
+ "cvss_v3":{
+ "baseSeverity":"LOW",
+ "baseScore":3.3,
+ "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
+ "version":"3.1"
+ },
+ "products":[
+ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64",
+ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64",
+ "openEuler-20.03-LTS-SP4:kernel-4.19.90-2407.5.0.0287.oe2003sp4.src"
+ ]
+ }
+ ],
+ "threats":[
+ {
+ "details":"Low",
+ "category":"impact"
+ }
+ ],
+ "title":"CVE-2024-41007"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1896.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1896.json
new file mode 100644
index 0000000..d2ac615
--- /dev/null
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1896.json
@@ -0,0 +1,5338 @@
+{
+ "document":{
+ "aggregate_severity":{
+ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+ "text":"High"
+ },
+ "category":"csaf_vex",
+ "csaf_version":"2.0",
+ "distribution":{
+ "tlp":{
+ "label":"WHITE",
+ "url":"https:/www.first.org/tlp/"
+ }
+ },
+ "lang":"en",
+ "notes":[
+ {
+ "text":"kernel security update",
+ "category":"general",
+ "title":"Synopsis"
+ },
+ {
+ "text":"An update for kernel is now available for openEuler-22.03-LTS-SP1",
+ "category":"general",
+ "title":"Summary"
+ },
+ {
+ "text":"The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Don't overflow in peek()\n\nWhen we started spreading new inode numbers throughout most of the 64\nbit inode space, that triggered some corner case bugs, in particular\nsome integer overflows related to the radix tree code. Oops.(CVE-2021-47432)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: Fix a deadlock in the error handler\n\nThe following deadlock has been observed on a test setup:\n\n - All tags allocated\n\n - The SCSI error handler calls ufshcd_eh_host_reset_handler()\n\n - ufshcd_eh_host_reset_handler() queues work that calls\n ufshcd_err_handler()\n\n - ufshcd_err_handler() locks up as follows:\n\nWorkqueue: ufs_eh_wq_0 ufshcd_err_handler.cfi_jt\nCall trace:\n __switch_to+0x298/0x5d8\n __schedule+0x6cc/0xa94\n schedule+0x12c/0x298\n blk_mq_get_tag+0x210/0x480\n __blk_mq_alloc_request+0x1c8/0x284\n blk_get_request+0x74/0x134\n ufshcd_exec_dev_cmd+0x68/0x640\n ufshcd_verify_dev_init+0x68/0x35c\n ufshcd_probe_hba+0x12c/0x1cb8\n ufshcd_host_reset_and_restore+0x88/0x254\n ufshcd_reset_and_restore+0xd0/0x354\n ufshcd_err_handler+0x408/0xc58\n process_one_work+0x24c/0x66c\n worker_thread+0x3e8/0xa4c\n kthread+0x150/0x1b4\n ret_from_fork+0x10/0x30\n\nFix this lockup by making ufshcd_exec_dev_cmd() allocate a 
reserved\nrequest.(CVE-2021-47622)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: seville: register the mdiobus under devres\n\nAs explained in commits:\n74b6d7d13307 (\"net: dsa: realtek: register the MDIO bus under devres\")\n5135e96a3dd2 (\"net: dsa: don't allocate the slave_mii_bus using devres\")\n\nmdiobus_free() will panic when called from devm_mdiobus_free() <-\ndevres_release_all() <- __device_release_driver(), and that mdiobus was\nnot previously unregistered.\n\nThe Seville VSC9959 switch is a platform device, so the initial set of\nconstraints that I thought would cause this (I2C or SPI buses which call\n->remove on ->shutdown) do not apply. But there is one more which\napplies here.\n\nIf the DSA master itself is on a bus that calls ->remove from ->shutdown\n(like dpaa2-eth, which is on the fsl-mc bus), there is a device link\nbetween the switch and the DSA master, and device_links_unbind_consumers()\nwill unbind the seville switch driver on shutdown.\n\nSo the same treatment must be applied to all DSA switch drivers, which\nis: either use devres for both the mdiobus allocation and registration,\nor don't use devres at all.\n\nThe seville driver has a code structure that could accommodate both the\nmdiobus_unregister and mdiobus_free calls, but it has an external\ndependency upon mscc_miim_setup() from mdio-mscc-miim.c, which calls\ndevm_mdiobus_alloc_size() on its behalf. 
So rather than restructuring\nthat, and exporting yet one more symbol mscc_miim_teardown(), let's work\nwith devres and replace of_mdiobus_register with the devres variant.\nWhen we use all-devres, we can ensure that devres doesn't free a\nstill-registered bus (it either runs both callbacks, or none).(CVE-2022-48814)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: lock against ->sock changing during sysfs read\n\n->sock can be set to NULL asynchronously unless ->recv_mutex is held.\nSo it is important to hold that mutex. Otherwise a sysfs read can\ntrigger an oops.\nCommit 17f09d3f619a (\"SUNRPC: Check if the xprt is connected before\nhandling sysfs reads\") appears to attempt to fix this problem, but it\nonly narrows the race window.(CVE-2022-48816)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: Fix leaking sent_cmd skb\n\nsent_cmd memory is not freed before freeing hci_dev causing it to leak\nit contents.(CVE-2022-48844)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential deadlock when releasing mids\n\nAll release_mid() callers seem to hold a reference of @mid so there is\nno need to call kref_put(&mid->refcount, __release_mid) under\n@server->mid_lock spinlock. 
If they don't, then an use-after-free bug\nwould have occurred anyways.\n\nBy getting rid of such spinlock also fixes a potential deadlock as\nshown below\n\nCPU 0 CPU 1\n------------------------------------------------------------------\ncifs_demultiplex_thread() cifs_debug_data_proc_show()\n release_mid()\n spin_lock(&server->mid_lock);\n spin_lock(&cifs_tcp_ses_lock)\n\t\t\t\t spin_lock(&server->mid_lock)\n __release_mid()\n smb2_find_smb_tcon()\n spin_lock(&cifs_tcp_ses_lock) *deadlock*(CVE-2023-52757)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nusb: config: fix iteration issue in 'usb_get_bos_descriptor()'\n\nThe BOS descriptor defines a root descriptor and is the base descriptor for\naccessing a family of related descriptors.\n\nFunction 'usb_get_bos_descriptor()' encounters an iteration issue when\nskipping the 'USB_DT_DEVICE_CAPABILITY' descriptor type. This results in\nthe same descriptor being read repeatedly.\n\nTo address this issue, a 'goto' statement is introduced to ensure that the\npointer and the amount read is updated correctly. 
This ensures that the\nfunction iterates to the next descriptor instead of reading the same\ndescriptor repeatedly.(CVE-2023-52781)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Handle error of rpc_proc_register() in nfs_net_init().\n\nsyzkaller reported a warning [0] triggered while destroying immature\nnetns.\n\nrpc_proc_register() was called in init_nfs_fs(), but its error\nhas been ignored since at least the initial commit 1da177e4c3f4\n(\"Linux-2.6.12-rc2\").\n\nRecently, commit d47151b79e32 (\"nfs: expose /proc/net/sunrpc/nfs\nin net namespaces\") converted the procfs to per-netns and made\nthe problem more visible.\n\nEven when rpc_proc_register() fails, nfs_net_init() could succeed,\nand thus nfs_net_exit() will be called while destroying the netns.\n\nThen, remove_proc_entry() will be called for non-existing proc\ndirectory and trigger the warning below.\n\nLet's handle the error of rpc_proc_register() properly in nfs_net_init().\n\n[0]:\nname 'nfs'\nWARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nModules linked in:\nCPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nCode: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff <0f> 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb\nRSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c\nRDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc\nR13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8\nFS: 00007f30cfba8640(0000) 
GS:ffff88807dd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \n rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310\n nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438\n ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170\n setup_net+0x46c/0x660 net/core/net_namespace.c:372\n copy_net_ns+0x244/0x590 net/core/net_namespace.c:505\n create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228\n ksys_unshare+0x342/0x760 kernel/fork.c:3322\n __do_sys_unshare kernel/fork.c:3393 [inline]\n __se_sys_unshare kernel/fork.c:3391 [inline]\n __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\nRIP: 0033:0x7f30d0febe5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110\nRAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600\nRBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002\nR13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000\n (CVE-2024-36939)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedf: Ensure the copied buf is NUL terminated\n\nCurrently, we allocate a count-sized kernel buffer and copy count from\nuserspace to that buffer. 
Later, we use kstrtouint on this buffer but we\ndon't ensure that the string is terminated inside the buffer, this can\nlead to OOB read when using kstrtouint. Fix this issue by using\nmemdup_user_nul instead of memdup_user.(CVE-2024-38559)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/perf: hisi: hns3: Fix out-of-bound access when valid event group\n\nThe perf tool allows users to create event groups through following\ncmd [1], but the driver does not check whether the array index is out\nof bounds when writing data to the event_group array. If the number of\nevents in an event_group is greater than HNS3_PMU_MAX_HW_EVENTS, the\nmemory write overflow of event_group array occurs.\n\nAdd array index check to fix the possible array out of bounds violation,\nand return directly when write new events are written to array bounds.\n\nThere are 9 different events in an event_group.\n[1] perf stat -e '{pmu/event1/, ... ,pmu/event9/}(CVE-2024-38568)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\necryptfs: Fix buffer size for tag 66 packet\n\nThe 'TAG 66 Packet Format' description is missing the cipher code and\nchecksum fields that are packed into the message packet. As a result,\nthe buffer allocated for the packet is 3 bytes too small and\nwrite_tag_66_packet() will write up to 3 bytes past the end of the\nbuffer.\n\nFix this by increasing the size of the allocation so the whole packet\nwill always fit in the buffer.\n\nThis fixes the below kasan slab-out-of-bounds bug:\n\n BUG: KASAN: slab-out-of-bounds in ecryptfs_generate_key_packet_set+0x7d6/0xde0\n Write of size 1 at addr ffff88800afbb2a5 by task touch/181\n\n CPU: 0 PID: 181 Comm: touch Not tainted 6.6.13-gnu #1 4c9534092be820851bb687b82d1f92a426598dc6\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2/GNU Guix 04/01/2014\n Call Trace:\n \n dump_stack_lvl+0x4c/0x70\n print_report+0xc5/0x610\n ? 
ecryptfs_generate_key_packet_set+0x7d6/0xde0\n ? kasan_complete_mode_report_info+0x44/0x210\n ? ecryptfs_generate_key_packet_set+0x7d6/0xde0\n kasan_report+0xc2/0x110\n ? ecryptfs_generate_key_packet_set+0x7d6/0xde0\n __asan_store1+0x62/0x80\n ecryptfs_generate_key_packet_set+0x7d6/0xde0\n ? __pfx_ecryptfs_generate_key_packet_set+0x10/0x10\n ? __alloc_pages+0x2e2/0x540\n ? __pfx_ovl_open+0x10/0x10 [overlay 30837f11141636a8e1793533a02e6e2e885dad1d]\n ? dentry_open+0x8f/0xd0\n ecryptfs_write_metadata+0x30a/0x550\n ? __pfx_ecryptfs_write_metadata+0x10/0x10\n ? ecryptfs_get_lower_file+0x6b/0x190\n ecryptfs_initialize_file+0x77/0x150\n ecryptfs_create+0x1c2/0x2f0\n path_openat+0x17cf/0x1ba0\n ? __pfx_path_openat+0x10/0x10\n do_filp_open+0x15e/0x290\n ? __pfx_do_filp_open+0x10/0x10\n ? __kasan_check_write+0x18/0x30\n ? _raw_spin_lock+0x86/0xf0\n ? __pfx__raw_spin_lock+0x10/0x10\n ? __kasan_check_write+0x18/0x30\n ? alloc_fd+0xf4/0x330\n do_sys_openat2+0x122/0x160\n ? __pfx_do_sys_openat2+0x10/0x10\n __x64_sys_openat+0xef/0x170\n ? 
__pfx___x64_sys_openat+0x10/0x10\n do_syscall_64+0x60/0xd0\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n RIP: 0033:0x7f00a703fd67\n Code: 25 00 00 41 00 3d 00 00 41 00 74 37 64 8b 04 25 18 00 00 00 85 c0 75 5b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 85 00 00 00 48 83 c4 68 5d 41 5c c3 0f 1f\n RSP: 002b:00007ffc088e30b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101\n RAX: ffffffffffffffda RBX: 00007ffc088e3368 RCX: 00007f00a703fd67\n RDX: 0000000000000941 RSI: 00007ffc088e48d7 RDI: 00000000ffffff9c\n RBP: 00007ffc088e48d7 R08: 0000000000000001 R09: 0000000000000000\n R10: 00000000000001b6 R11: 0000000000000246 R12: 0000000000000941\n R13: 0000000000000000 R14: 00007ffc088e48d7 R15: 00007f00a7180040\n \n\n Allocated by task 181:\n kasan_save_stack+0x2f/0x60\n kasan_set_track+0x29/0x40\n kasan_save_alloc_info+0x25/0x40\n __kasan_kmalloc+0xc5/0xd0\n __kmalloc+0x66/0x160\n ecryptfs_generate_key_packet_set+0x6d2/0xde0\n ecryptfs_write_metadata+0x30a/0x550\n ecryptfs_initialize_file+0x77/0x150\n ecryptfs_create+0x1c2/0x2f0\n path_openat+0x17cf/0x1ba0\n do_filp_open+0x15e/0x290\n do_sys_openat2+0x122/0x160\n __x64_sys_openat+0xef/0x170\n do_syscall_64+0x60/0xd0\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8(CVE-2024-38578)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: fix possible dead-lock in nr_rt_ioctl()\n\nsyzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]\n\nMake sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)\n\n[1]\nWARNING: possible circular locking dependency detected\n6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted\n------------------------------------------------------\nsyz-executor350/5129 is trying to acquire lock:\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]\n ffff8880186e2070 
(&nr_node->node_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n\nbut task is already holding lock:\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #1 (nr_node_list_lock){+...}-{2:2}:\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n nr_remove_node net/netrom/nr_route.c:299 [inline]\n nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355\n nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n-> #0 (&nr_node->node_lock){+...}-{2:2}:\n check_prev_add kernel/locking/lockdep.c:3134 [inline]\n check_prevs_add kernel/locking/lockdep.c:3253 [inline]\n validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869\n __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n nr_node_lock include/net/netrom.h:152 
[inline]\n nr_dec_obs net/netrom/nr_route.c:464 [inline]\n nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(nr_node_list_lock);\n lock(&nr_node->node_lock);\n lock(nr_node_list_lock);\n lock(&nr_node->node_lock);\n\n *** DEADLOCK ***\n\n1 lock held by syz-executor350/5129:\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n #0: ffffffff8f70\n---truncated---(CVE-2024-38589)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nALSA: timer: Set lower bound of start tick time\n\nCurrently ALSA timer doesn't have the lower limit of the start tick\ntime, and it allows a very small size, e.g. 1 tick with 1ns resolution\nfor hrtimer. 
Such a situation may lead to an unexpected RCU stall,\nwhere the callback repeatedly queuing the expire update, as reported\nby fuzzer.\n\nThis patch introduces a sanity check of the timer start tick time, so\nthat the system returns an error when a too small start size is set.\nAs of this patch, the lower limit is hard-coded to 100us, which is\nsmall enough but can still work somehow.(CVE-2024-38618)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nusb-storage: alauda: Check whether the media is initialized\n\nThe member \"uzonesize\" of struct alauda_info will remain 0\nif alauda_init_media() fails, potentially causing divide errors\nin alauda_read_data() and alauda_write_lba().\n- Add a member \"media_initialized\" to struct alauda_info.\n- Change a condition in alauda_check_media() to ensure the\n first initialization.\n- Add an error check for the return value of alauda_init_media().(CVE-2024-38619)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors\n\nThe error handling in nilfs_empty_dir() when a directory folio/page read\nfails is incorrect, as in the old ext2 implementation, and if the\nfolio/page cannot be read or nilfs_check_folio() fails, it will falsely\ndetermine the directory as empty and corrupt the file system.\n\nIn addition, since nilfs_empty_dir() does not immediately return on a\nfailed folio/page read, but continues to loop, this can cause a long loop\nwith I/O if i_size of the directory's inode is also corrupted, causing the\nlog writer thread to wait and hang, as reported by syzbot.\n\nFix these issues by making nilfs_empty_dir() immediately return a false\nvalue (0) if it fails to get a directory folio/page.(CVE-2024-39469)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix log recovery buffer allocation for the legacy h_size fixup\n\nCommit a70f9fe52daa (\"xfs: detect and handle invalid iclog 
size set by\nmkfs\") added a fixup for incorrect h_size values used for the initial\numount record in old xfsprogs versions. Later commit 0c771b99d6c9\n(\"xfs: clean up calculation of LR header blocks\") cleaned up the log\nreover buffer calculation, but stoped using the fixed up h_size value\nto size the log recovery buffer, which can lead to an out of bounds\naccess when the incorrect h_size does not come from the old mkfs\ntool, but a fuzzer.\n\nFix this by open coding xlog_logrec_hblks and taking the fixed h_size\ninto account for this calculation.(CVE-2024-39472)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nima: Fix use-after-free on a dentry's dname.name\n\n->d_name.name can change on rename and the earlier value can be freed;\nthere are conditions sufficient to stabilize it (->d_lock on dentry,\n->d_lock on its parent, ->i_rwsem exclusive on the parent's inode,\nrename_lock), but none of those are met at any of the sites. Take a stable\nsnapshot of the name instead.(CVE-2024-39494)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nvmci: prevent speculation leaks by sanitizing event in event_deliver()\n\nCoverity spotted that event_msg is controlled by user-space,\nevent_msg->event_data.event is passed to event_deliver() and used\nas an index without sanitization.\n\nThis change ensures that the event index is sanitized to mitigate any\npossibility of speculative information leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.\n\nOnly compile tested, no access to HW.(CVE-2024-39499)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/komeda: check for error-valued pointer\n\nkomeda_pipeline_get_state() may return an error-valued pointer, thus\ncheck the pointer for negative or null value before dereferencing.(CVE-2024-39505)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nUSB: class: 
cdc-wdm: Fix CPU lockup caused by excessive log messages\n\nThe syzbot fuzzer found that the interrupt-URB completion callback in\nthe cdc-wdm driver was taking too long, and the driver's immediate\nresubmission of interrupt URBs with -EPROTO status combined with the\ndummy-hcd emulation to cause a CPU lockup:\n\ncdc_wdm 1-1:1.0: nonzero urb status received: -71\ncdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes\nwatchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor782:6625]\nCPU#0 Utilization every 4s during lockup:\n\t#1: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#2: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#3: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#4: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#5: 98% system,\t 1% softirq,\t 3% hardirq,\t 0% idle\nModules linked in:\nirq event stamp: 73096\nhardirqs last enabled at (73095): [] console_emit_next_record kernel/printk/printk.c:2935 [inline]\nhardirqs last enabled at (73095): [] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994\nhardirqs last disabled at (73096): [] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\nhardirqs last disabled at (73096): [] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\nsoftirqs last enabled at (73048): [] softirq_handle_end kernel/softirq.c:400 [inline]\nsoftirqs last enabled at (73048): [] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582\nsoftirqs last disabled at (73043): [] __do_softirq+0x14/0x20 kernel/softirq.c:588\nCPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G W 6.10.0-rc2-syzkaller-g8867bbd4a056 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\n\nTesting showed that the problem did not occur if the two error\nmessages -- the first two lines above -- were removed; apparently adding\nmaterial to the kernel log takes a surprisingly large amount of time.\n\nIn any case, the best approach for preventing these lockups and to\navoid spamming the log with 
thousands of error messages per second is\nto ratelimit the two dev_err() calls. Therefore we replace them with\ndev_err_ratelimited().(CVE-2024-40904)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible race in __fib6_drop_pcpu_from()\n\nsyzbot found a race in __fib6_drop_pcpu_from() [1]\n\nIf compiler reads more than once (*ppcpu_rt),\nsecond read could read NULL, if another cpu clears\nthe value in rt6_get_pcpu_route().\n\nAdd a READ_ONCE() to prevent this race.\n\nAlso add rcu_read_lock()/rcu_read_unlock() because\nwe rely on RCU protection while dereferencing pcpu_rt.\n\n[1]\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097]\nCPU: 0 PID: 7543 Comm: kworker/u8:17 Not tainted 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nWorkqueue: netns cleanup_net\n RIP: 0010:__fib6_drop_pcpu_from.part.0+0x10a/0x370 net/ipv6/ip6_fib.c:984\nCode: f8 48 c1 e8 03 80 3c 28 00 0f 85 16 02 00 00 4d 8b 3f 4d 85 ff 74 31 e8 74 a7 fa f7 49 8d bf 90 00 00 00 48 89 f8 48 c1 e8 03 <80> 3c 28 00 0f 85 1e 02 00 00 49 8b 87 90 00 00 00 48 8b 0c 24 48\nRSP: 0018:ffffc900040df070 EFLAGS: 00010206\nRAX: 0000000000000012 RBX: 0000000000000001 RCX: ffffffff89932e16\nRDX: ffff888049dd1e00 RSI: ffffffff89932d7c RDI: 0000000000000091\nRBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000007\nR10: 0000000000000001 R11: 0000000000000006 R12: ffff88807fa080b8\nR13: fffffbfff1a9a07d R14: ffffed100ff41022 R15: 0000000000000001\nFS: 0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b32c26000 CR3: 000000005d56e000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 
DR7: 0000000000000400\nCall Trace:\n \n __fib6_drop_pcpu_from net/ipv6/ip6_fib.c:966 [inline]\n fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1027 [inline]\n fib6_purge_rt+0x7f2/0x9f0 net/ipv6/ip6_fib.c:1038\n fib6_del_route net/ipv6/ip6_fib.c:1998 [inline]\n fib6_del+0xa70/0x17b0 net/ipv6/ip6_fib.c:2043\n fib6_clean_node+0x426/0x5b0 net/ipv6/ip6_fib.c:2205\n fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2127\n fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2175\n fib6_clean_tree+0xd7/0x120 net/ipv6/ip6_fib.c:2255\n __fib6_clean_all+0x100/0x2d0 net/ipv6/ip6_fib.c:2271\n rt6_sync_down_dev net/ipv6/route.c:4906 [inline]\n rt6_disable_ip+0x7ed/0xa00 net/ipv6/route.c:4911\n addrconf_ifdown.isra.0+0x117/0x1b40 net/ipv6/addrconf.c:3855\n addrconf_notify+0x223/0x19e0 net/ipv6/addrconf.c:3778\n notifier_call_chain+0xb9/0x410 kernel/notifier.c:93\n call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1992\n call_netdevice_notifiers_extack net/core/dev.c:2030 [inline]\n call_netdevice_notifiers net/core/dev.c:2044 [inline]\n dev_close_many+0x333/0x6a0 net/core/dev.c:1585\n unregister_netdevice_many_notify+0x46d/0x19f0 net/core/dev.c:11193\n unregister_netdevice_many net/core/dev.c:11276 [inline]\n default_device_exit_batch+0x85b/0xae0 net/core/dev.c:11759\n ops_exit_list+0x128/0x180 net/core/net_namespace.c:178\n cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244(CVE-2024-40905)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()\n\nThe ieee80211_sta_ps_deliver_wakeup() function takes sta->ps_lock to\nsynchronizes with ieee80211_tx_h_unicast_ps_buf() which is called 
from\nsoftirq context. However using only spin_lock() to get sta->ps_lock in\nieee80211_sta_ps_deliver_wakeup() does not prevent softirq to execute\non this same CPU, to run ieee80211_tx_h_unicast_ps_buf() and try to\ntake this same lock ending in deadlock. Below is an example of rcu stall\nthat arises in such situation.\n\n rcu: INFO: rcu_sched self-detected stall on CPU\n rcu: 2-....: (42413413 ticks this GP) idle=b154/1/0x4000000000000000 softirq=1763/1765 fqs=21206996\n rcu: (t=42586894 jiffies g=2057 q=362405 ncpus=4)\n CPU: 2 PID: 719 Comm: wpa_supplicant Tainted: G W 6.4.0-02158-g1b062f552873 #742\n Hardware name: RPT (r1) (DT)\n pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : queued_spin_lock_slowpath+0x58/0x2d0\n lr : invoke_tx_handlers_early+0x5b4/0x5c0\n sp : ffff00001ef64660\n x29: ffff00001ef64660 x28: ffff000009bc1070 x27: ffff000009bc0ad8\n x26: ffff000009bc0900 x25: ffff00001ef647a8 x24: 0000000000000000\n x23: ffff000009bc0900 x22: ffff000009bc0900 x21: ffff00000ac0e000\n x20: ffff00000a279e00 x19: ffff00001ef646e8 x18: 0000000000000000\n x17: ffff800016468000 x16: ffff00001ef608c0 x15: 0010533c93f64f80\n x14: 0010395c9faa3946 x13: 0000000000000000 x12: 00000000fa83b2da\n x11: 000000012edeceea x10: ffff0000010fbe00 x9 : 0000000000895440\n x8 : 000000000010533c x7 : ffff00000ad8b740 x6 : ffff00000c350880\n x5 : 0000000000000007 x4 : 0000000000000001 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffff00000ac0e0e8\n Call trace:\n queued_spin_lock_slowpath+0x58/0x2d0\n ieee80211_tx+0x80/0x12c\n ieee80211_tx_pending+0x110/0x278\n tasklet_action_common.constprop.0+0x10c/0x144\n tasklet_action+0x20/0x28\n _stext+0x11c/0x284\n ____do_softirq+0xc/0x14\n call_on_irq_stack+0x24/0x34\n do_softirq_own_stack+0x18/0x20\n do_softirq+0x74/0x7c\n __local_bh_enable_ip+0xa0/0xa4\n _ieee80211_wake_txqs+0x3b0/0x4b8\n __ieee80211_wake_queue+0x12c/0x168\n ieee80211_add_pending_skbs+0xec/0x138\n 
ieee80211_sta_ps_deliver_wakeup+0x2a4/0x480\n ieee80211_mps_sta_status_update.part.0+0xd8/0x11c\n ieee80211_mps_sta_status_update+0x18/0x24\n sta_apply_parameters+0x3bc/0x4c0\n ieee80211_change_station+0x1b8/0x2dc\n nl80211_set_station+0x444/0x49c\n genl_family_rcv_msg_doit.isra.0+0xa4/0xfc\n genl_rcv_msg+0x1b0/0x244\n netlink_rcv_skb+0x38/0x10c\n genl_rcv+0x34/0x48\n netlink_unicast+0x254/0x2bc\n netlink_sendmsg+0x190/0x3b4\n ____sys_sendmsg+0x1e8/0x218\n ___sys_sendmsg+0x68/0x8c\n __sys_sendmsg+0x44/0x84\n __arm64_sys_sendmsg+0x20/0x28\n do_el0_svc+0x6c/0xe8\n el0_svc+0x14/0x48\n el0t_64_sync_handler+0xb0/0xb4\n el0t_64_sync+0x14c/0x150\n\nUsing spin_lock_bh()/spin_unlock_bh() instead prevents softirq to raise\non the same CPU that is holding the lock.(CVE-2024-40912)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: check n_ssids before accessing the ssids\n\nIn some versions of cfg80211, the ssids poinet might be a valid one even\nthough n_ssids is 0. Accessing the pointer in this case will cuase an\nout-of-bound access. Fix this by checking n_ssids first.(CVE-2024-40929)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos/vidi: fix memory leak in .get_modes()\n\nThe duplicated EDID is never freed. Fix it.(CVE-2024-40932)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don't read past the mfuart notifcation\n\nIn case the firmware sends a notification that claims it has more data\nthan it has, we will read past that was allocated for the notification.\nRemove the print of the buffer, we won't see it by default. 
If needed,\nwe can see the content with tracing.\n\nThis was reported by KFENCE.(CVE-2024-40941)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix races between hole punching and AIO+DIO\n\nAfter commit \"ocfs2: return real error code in ocfs2_dio_wr_get_block\",\nfstests/generic/300 become from always failed to sometimes failed:\n\n========================================================================\n[ 473.293420 ] run fstests generic/300\n\n[ 475.296983 ] JBD2: Ignoring recovery information on journal\n[ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode.\n[ 494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found\n[ 494.291609 ] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.\n[ 494.292018 ] OCFS2: File system is now read-only.\n[ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30\n[ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3\nfio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072\n=========================================================================\n\nIn __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten\nextents to a list. extents are also inserted into extent tree in\nocfs2_write_begin_nolock. Then another thread call fallocate to puch a\nhole at one of the unwritten extent. The extent at cpos was removed by\nocfs2_remove_extent(). 
At end io worker thread, ocfs2_search_extent_list\nfound there is no such extent at the cpos.\n\n T1 T2 T3\n inode lock\n ...\n insert extents\n ...\n inode unlock\nocfs2_fallocate\n __ocfs2_change_file_space\n inode lock\n lock ip_alloc_sem\n ocfs2_remove_inode_range inode\n ocfs2_remove_btree_range\n ocfs2_remove_extent\n ^---remove the extent at cpos 78723\n ...\n unlock ip_alloc_sem\n inode unlock\n ocfs2_dio_end_io\n ocfs2_dio_end_io_write\n lock ip_alloc_sem\n ocfs2_mark_extent_written\n ocfs2_change_extent_flag\n ocfs2_search_extent_list\n ^---failed to find extent\n ...\n unlock ip_alloc_sem\n\nIn most filesystems, fallocate is not compatible with racing with AIO+DIO,\nso fix it by adding to wait for all dio before fallocate/punch_hole like\next4.(CVE-2024-40943)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: Octeon: Add PCIe link status check\n\nThe standard PCIe configuration read-write interface is used to\naccess the configuration space of the peripheral PCIe devices\nof the mips processor after the PCIe link surprise down, it can\ngenerate kernel panic caused by \"Data bus error\". So it is\nnecessary to add PCIe link status check for system protection.\nWhen the PCIe link is down or in training, assigning a value\nof 0 to the configuration address can prevent read-write behavior\nto the configuration space of peripheral PCIe devices, thereby\npreventing kernel panic.(CVE-2024-40968)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Enforce hcall result buffer validity and size\n\nplpar_hcall(), plpar_hcall9(), and related functions expect callers to\nprovide valid result buffers of certain minimum size. 
Currently this\nis communicated only through comments in the code and the compiler has\nno idea.\n\nFor example, if I write a bug like this:\n\n long retbuf[PLPAR_HCALL_BUFSIZE]; // should be PLPAR_HCALL9_BUFSIZE\n plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf, ...);\n\nThis compiles with no diagnostics emitted, but likely results in stack\ncorruption at runtime when plpar_hcall9() stores results past the end\nof the array. (To be clear this is a contrived example and I have not\nfound a real instance yet.)\n\nTo make this class of error less likely, we can use explicitly-sized\narray parameters instead of pointers in the declarations for the hcall\nAPIs. When compiled with -Warray-bounds[1], the code above now\nprovokes a diagnostic like this:\n\nerror: array argument is too small;\nis of size 32, callee requires at least 72 [-Werror,-Warray-bounds]\n 60 | plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf,\n | ^ ~~~~~~\n\n[1] Enabled for LLVM builds but not GCC for now. See commit\n 0da6e5fd6c37 (\"gcc: disable '-Warray-bounds' for gcc-13 too\") and\n related changes.(CVE-2024-40974)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ntipc: force a dst refcount before doing decryption\n\nAs it says in commit 3bc07321ccc2 (\"xfrm: Force a dst refcount before\nentering the xfrm type handlers\"):\n\n\"Crypto requests might return asynchronous. 
In this case we leave the\n rcu protected region, so force a refcount on the skb's destination\n entry before we enter the xfrm type input/output handlers.\"\n\nOn TIPC decryption path it has the same problem, and skb_dst_force()\nshould be called before doing decryption to avoid a possible crash.\n\nShuang reported this issue when this warning is triggered:\n\n [] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n [] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug\n [] Workqueue: crypto cryptd_queue_worker\n [] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n [] Call Trace:\n [] tipc_sk_mcast_rcv+0x548/0xea0 [tipc]\n [] tipc_rcv+0xcf5/0x1060 [tipc]\n [] tipc_aead_decrypt_done+0x215/0x2e0 [tipc]\n [] cryptd_aead_crypt+0xdb/0x190\n [] cryptd_queue_worker+0xed/0x190\n [] process_one_work+0x93d/0x17e0(CVE-2024-40983)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Revert \"ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.\"\n\nUndo the modifications made in commit d410ee5109a1 (\"ACPICA: avoid\n\"Info: mapping multiple BARs. Your kernel is fine.\"\"). The initial\npurpose of this commit was to stop memory mappings for operation\nregions from overlapping page boundaries, as it can trigger warnings\nif different page attributes are present.\n\nHowever, it was found that when this situation arises, mapping\ncontinues until the boundary's end, but there is still an attempt to\nread/write the entire length of the map, leading to a NULL pointer\ndeference. For example, if a four-byte mapping request is made but\nonly one byte is mapped because it hits the current page boundary's\nend, a four-byte read/write attempt is still made, resulting in a NULL\npointer deference.\n\nInstead, map the entire length, as the ACPI specification does not\nmandate that it must be within the same page boundary. 
It is\npermissible for it to be mapped across different regions.(CVE-2024-40984)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix UBSAN warning in kv_dpm.c\n\nAdds bounds check for sumo_vid_mapping_entry.(CVE-2024-40987)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Build event generation tests only as modules\n\nThe kprobes and synth event generation test modules add events and lock\n(get a reference) those event file reference in module init function,\nand unlock and delete it in module exit function. This is because those\nare designed for playing as modules.\n\nIf we make those modules as built-in, those events are left locked in the\nkernel, and never be removed. This causes kprobe event self-test failure\nas below.\n\n[ 97.349708] ------------[ cut here ]------------\n[ 97.353453] WARNING: CPU: 3 PID: 1 at kernel/trace/trace_kprobe.c:2133 kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.357106] Modules linked in:\n[ 97.358488] CPU: 3 PID: 1 Comm: swapper/0 Not tainted 6.9.0-g699646734ab5-dirty #14\n[ 97.361556] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n[ 97.363880] RIP: 0010:kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.365538] Code: a8 24 08 82 e9 ae fd ff ff 90 0f 0b 90 48 c7 c7 e5 aa 0b 82 e9 ee fc ff ff 90 0f 0b 90 48 c7 c7 2d 61 06 82 e9 8e fd ff ff 90 <0f> 0b 90 48 c7 c7 33 0b 0c 82 89 c6 e8 6e 03 1f ff 41 ff c7 e9 90\n[ 97.370429] RSP: 0000:ffffc90000013b50 EFLAGS: 00010286\n[ 97.371852] RAX: 00000000fffffff0 RBX: ffff888005919c00 RCX: 0000000000000000\n[ 97.373829] RDX: ffff888003f40000 RSI: ffffffff8236a598 RDI: ffff888003f40a68\n[ 97.375715] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n[ 97.377675] R10: ffffffff811c9ae5 R11: ffffffff8120c4e0 R12: 0000000000000000\n[ 97.379591] R13: 0000000000000001 R14: 0000000000000015 R15: 0000000000000000\n[ 97.381536] FS: 0000000000000000(0000) GS:ffff88807dcc0000(0000) 
knlGS:0000000000000000\n[ 97.383813] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 97.385449] CR2: 0000000000000000 CR3: 0000000002244000 CR4: 00000000000006b0\n[ 97.387347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 97.389277] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 97.391196] Call Trace:\n[ 97.391967] \n[ 97.392647] ? __warn+0xcc/0x180\n[ 97.393640] ? kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.395181] ? report_bug+0xbd/0x150\n[ 97.396234] ? handle_bug+0x3e/0x60\n[ 97.397311] ? exc_invalid_op+0x1a/0x50\n[ 97.398434] ? asm_exc_invalid_op+0x1a/0x20\n[ 97.399652] ? trace_kprobe_is_busy+0x20/0x20\n[ 97.400904] ? tracing_reset_all_online_cpus+0x15/0x90\n[ 97.402304] ? kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.403773] ? init_kprobe_trace+0x50/0x50\n[ 97.404972] do_one_initcall+0x112/0x240\n[ 97.406113] do_initcall_level+0x95/0xb0\n[ 97.407286] ? kernel_init+0x1a/0x1a0\n[ 97.408401] do_initcalls+0x3f/0x70\n[ 97.409452] kernel_init_freeable+0x16f/0x1e0\n[ 97.410662] ? rest_init+0x1f0/0x1f0\n[ 97.411738] kernel_init+0x1a/0x1a0\n[ 97.412788] ret_from_fork+0x39/0x50\n[ 97.413817] ? 
rest_init+0x1f0/0x1f0\n[ 97.414844] ret_from_fork_asm+0x11/0x20\n[ 97.416285] \n[ 97.417134] irq event stamp: 13437323\n[ 97.418376] hardirqs last enabled at (13437337): [] console_unlock+0x11c/0x150\n[ 97.421285] hardirqs last disabled at (13437370): [] console_unlock+0x101/0x150\n[ 97.423838] softirqs last enabled at (13437366): [] handle_softirqs+0x23f/0x2a0\n[ 97.426450] softirqs last disabled at (13437393): [] __irq_exit_rcu+0x66/0xd0\n[ 97.428850] ---[ end trace 0000000000000000 ]---\n\nAnd also, since we can not cleanup dynamic_event file, ftracetest are\nfailed too.\n\nTo avoid these issues, build these tests only as modules.(CVE-2024-41004)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnetpoll: Fix race condition in netpoll_owner_active\n\nKCSAN detected a race condition in netpoll:\n\n\tBUG: KCSAN: data-race in net_rx_action / netpoll_send_skb\n\twrite (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:\n\tnet_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)\n\n\tread to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:\n\tnetpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)\n\tnetpoll_send_udp (net/core/netpoll.c:?)\n\n\tvalue changed: 0x0000000a -> 0xffffffff\n\nThis happens because netpoll_owner_active() needs to check if the\ncurrent CPU is the owner of the lock, touching napi->poll_owner\nnon atomically. 
The ->poll_owner field contains the current CPU holding\nthe lock.\n\nUse an atomic read to check if the poll owner is the current CPU.(CVE-2024-41005)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ntcp: avoid too many retransmit packets\n\nIf a TCP socket is using TCP_USER_TIMEOUT, and the other peer\nretracted its window to zero, tcp_retransmit_timer() can\nretransmit a packet every two jiffies (2 ms for HZ=1000),\nfor about 4 minutes after TCP_USER_TIMEOUT has 'expired'.\n\nThe fix is to make sure tcp_rtx_probe0_timed_out() takes\nicsk->icsk_user_timeout into account.\n\nBefore blamed commit, the socket would not timeout after\nicsk->icsk_user_timeout, but would use standard exponential\nbackoff for the retransmits.\n\nAlso worth noting that before commit e89688e3e978 (\"net: tcp:\nfix unexcepted socket die when snd_wnd is 0\"), the issue\nwould last 2 minutes instead of 4.(CVE-2024-41007)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix overrunning reservations in ringbuf\n\nThe BPF ring buffer internally is implemented as a power-of-2 sized circular\nbuffer, with two logical and ever-increasing counters: consumer_pos is the\nconsumer counter to show which logical position the consumer consumed the\ndata, and producer_pos which is the producer counter denoting the amount of\ndata reserved by all producers.\n\nEach time a record is reserved, the producer that \"owns\" the record will\nsuccessfully advance producer counter. In user space each time a record is\nread, the consumer of the data advanced the consumer counter once it finished\nprocessing. 
Both counters are stored in separate pages so that from user\nspace, the producer counter is read-only and the consumer counter is read-write.\n\nOne aspect that simplifies and thus speeds up the implementation of both\nproducers and consumers is how the data area is mapped twice contiguously\nback-to-back in the virtual memory, allowing to not take any special measures\nfor samples that have to wrap around at the end of the circular buffer data\narea, because the next page after the last data page would be first data page\nagain, and thus the sample will still appear completely contiguous in virtual\nmemory.\n\nEach record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for\nbook-keeping the length and offset, and is inaccessible to the BPF program.\nHelpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`\nfor the BPF program to use. Bing-Jhong and Muhammad reported that it is however\npossible to make a second allocated memory chunk overlapping with the first\nchunk and as a result, the BPF program is now able to edit first chunk's\nheader.\n\nFor example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size\nof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to\nbpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in\n[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets\nallocate a chunk B with size 0x3000. This will succeed because consumer_pos\nwas edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`\ncheck. Chunk B will be in range [0x3008,0x6010], and the BPF program is able\nto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned\nearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data\npages. This means that chunk B at [0x4000,0x4008] is chunk A's header.\nbpf_ringbuf_submit() / bpf_ringbuf_discard() use the header's pg_off to then\nlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). 
Once chunk\nB modified chunk A's header, then bpf_ringbuf_commit() refers to the wrong\npage and could cause a crash.\n\nFix it by calculating the oldest pending_pos and check whether the range\nfrom the oldest outstanding record to the newest would span beyond the ring\nbuffer size. If that is the case, then reject the request. We've tested with\nthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)\nbefore/after the fix and while it seems a bit slower on some benchmarks, it\nis still not significantly enough to matter.(CVE-2024-41009)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for kernel is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"kernel", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1896", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + }, + { + "summary":"CVE-2021-47432", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-47432&packageName=kernel" + }, + { + "summary":"CVE-2021-47622", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-47622&packageName=kernel" + }, + { + "summary":"CVE-2022-48814", + "category":"self", + 
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48814&packageName=kernel" + }, + { + "summary":"CVE-2022-48816", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48816&packageName=kernel" + }, + { + "summary":"CVE-2022-48844", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48844&packageName=kernel" + }, + { + "summary":"CVE-2023-52757", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-52757&packageName=kernel" + }, + { + "summary":"CVE-2023-52781", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-52781&packageName=kernel" + }, + { + "summary":"CVE-2024-36939", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36939&packageName=kernel" + }, + { + "summary":"CVE-2024-38559", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38559&packageName=kernel" + }, + { + "summary":"CVE-2024-38568", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38568&packageName=kernel" + }, + { + "summary":"CVE-2024-38578", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38578&packageName=kernel" + }, + { + "summary":"CVE-2024-38589", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38589&packageName=kernel" + }, + { + "summary":"CVE-2024-38618", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38618&packageName=kernel" + }, + { + "summary":"CVE-2024-38619", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38619&packageName=kernel" + }, + { + "summary":"CVE-2024-39469", + "category":"self", + 
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39469&packageName=kernel" + }, + { + "summary":"CVE-2024-39472", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39472&packageName=kernel" + }, + { + "summary":"CVE-2024-39494", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39494&packageName=kernel" + }, + { + "summary":"CVE-2024-39499", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39499&packageName=kernel" + }, + { + "summary":"CVE-2024-39505", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39505&packageName=kernel" + }, + { + "summary":"CVE-2024-40904", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40904&packageName=kernel" + }, + { + "summary":"CVE-2024-40905", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40905&packageName=kernel" + }, + { + "summary":"CVE-2024-40912", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40912&packageName=kernel" + }, + { + "summary":"CVE-2024-40929", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40929&packageName=kernel" + }, + { + "summary":"CVE-2024-40932", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40932&packageName=kernel" + }, + { + "summary":"CVE-2024-40941", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40941&packageName=kernel" + }, + { + "summary":"CVE-2024-40943", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40943&packageName=kernel" + }, + { + "summary":"CVE-2024-40968", + "category":"self", + 
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40968&packageName=kernel" + }, + { + "summary":"CVE-2024-40974", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40974&packageName=kernel" + }, + { + "summary":"CVE-2024-40983", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40983&packageName=kernel" + }, + { + "summary":"CVE-2024-40984", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40984&packageName=kernel" + }, + { + "summary":"CVE-2024-40987", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40987&packageName=kernel" + }, + { + "summary":"CVE-2024-41004", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41004&packageName=kernel" + }, + { + "summary":"CVE-2024-41005", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41005&packageName=kernel" + }, + { + "summary":"CVE-2024-41007", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41007&packageName=kernel" + }, + { + "summary":"CVE-2024-41009", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41009&packageName=kernel" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2021-47432" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2021-47622" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48814" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48816" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48844" + }, + { + "summary":"nvd cve", + 
"category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52757" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52781" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36939" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38559" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38568" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38578" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38589" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38618" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38619" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39469" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39472" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39494" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39499" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39505" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40904" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40905" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40912" + }, + { + "summary":"nvd cve", + "category":"external", + 
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40929" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40932" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40941" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40943" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40968" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40974" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40983" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40984" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40987" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41004" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41005" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41007" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41009" + }, + { + "summary":"openEuler-SA-2024-1896 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1896.json" + } + ], + "title":"An update for kernel is now available for openEuler-22.03-LTS-SP1", + "tracking":{ + "initial_release_date":"2024-07-26T20:58:44+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:58:44+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date": "2024-07-27T10:35:00+08:00", + "summary": "final", + "number": "2.0.0" + } + ], + "generator":{ + 
"date":"2024-07-27T10:35:00+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-27T10:35:00+08:00", + "id":"openEuler-SA-2024-1896", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"openEuler-22.03-LTS-SP1", + "name":"openEuler-22.03-LTS-SP1" + }, + "name":"openEuler-22.03-LTS-SP1", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "name":"kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm" + }, + "name":"kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "name":"kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm" + }, + "name":"kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "name":"kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm" + }, + "name":"kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + 
"name":"kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm" + }, + "name":"kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "name":"kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm" + }, + "name":"kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "name":"kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm" + }, + "name":"kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "name":"kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm" + }, + "name":"kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "name":"kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm" + }, + "name":"kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "name":"kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm" + }, + "name":"kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + 
"category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"perf-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "name":"perf-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm" + }, + "name":"perf-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "name":"perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm" + }, + "name":"perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "name":"python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm" + }, + "name":"python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "name":"python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm" + }, + "name":"python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-5.10.0-136.86.0.167.oe2203sp1.src.rpm", + "name":"kernel-5.10.0-136.86.0.167.oe2203sp1.src.rpm" + }, + "name":"kernel-5.10.0-136.86.0.167.oe2203sp1.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + 
"product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "name":"kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm" + }, + "name":"kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "name":"kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm" + }, + "name":"kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "name":"kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm" + }, + "name":"kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "name":"kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm" + }, + "name":"kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "name":"kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm" + }, + "name":"kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + 
"name":"kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm" + }, + "name":"kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "name":"kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm" + }, + "name":"kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "name":"kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm" + }, + "name":"kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "name":"kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm" + }, + "name":"kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"perf-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "name":"perf-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm" + }, + "name":"perf-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "name":"perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm" + }, + "name":"perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + 
"product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "name":"python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm" + }, + "name":"python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "name":"python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm" + }, + "name":"python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "name":"kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "name":"kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "name":"kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + 
"category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "name":"kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "name":"kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "name":"kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "name":"kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"name":"kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "name":"kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"perf-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "name":"perf-5.10.0-136.86.0.167.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "name":"perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "name":"python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "name":"python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-5.10.0-136.86.0.167.oe2203sp1.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "name":"kernel-5.10.0-136.86.0.167.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "name":"kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "name":"kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "name":"kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + 
"product_reference":"kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "name":"kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "name":"kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "name":"kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "name":"kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "name":"kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + 
"category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "name":"kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"perf-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "name":"perf-5.10.0-136.86.0.167.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "name":"perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "name":"python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"name":"python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2021-47432", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Don't overflow in peek()\n\nWhen we started spreading new inode numbers throughout most of the 64\nbit inode space, that triggered some corner case bugs, in particular\nsome integer overflows related to the radix tree code. Oops.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2021-47432" + }, + { + "cve":"CVE-2021-47622", + "notes":[ + { + "text":"In the Linux kernel, the following 
vulnerability has been resolved:\n\nscsi: ufs: Fix a deadlock in the error handler\n\nThe following deadlock has been observed on a test setup:\n\n - All tags allocated\n\n - The SCSI error handler calls ufshcd_eh_host_reset_handler()\n\n - ufshcd_eh_host_reset_handler() queues work that calls\n ufshcd_err_handler()\n\n - ufshcd_err_handler() locks up as follows:\n\nWorkqueue: ufs_eh_wq_0 ufshcd_err_handler.cfi_jt\nCall trace:\n __switch_to+0x298/0x5d8\n __schedule+0x6cc/0xa94\n schedule+0x12c/0x298\n blk_mq_get_tag+0x210/0x480\n __blk_mq_alloc_request+0x1c8/0x284\n blk_get_request+0x74/0x134\n ufshcd_exec_dev_cmd+0x68/0x640\n ufshcd_verify_dev_init+0x68/0x35c\n ufshcd_probe_hba+0x12c/0x1cb8\n ufshcd_host_reset_and_restore+0x88/0x254\n ufshcd_reset_and_restore+0xd0/0x354\n ufshcd_err_handler+0x408/0xc58\n process_one_work+0x24c/0x66c\n worker_thread+0x3e8/0xa4c\n kthread+0x150/0x1b4\n ret_from_fork+0x10/0x30\n\nFix this lockup by making ufshcd_exec_dev_cmd() allocate a reserved\nrequest.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.7, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + 
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2021-47622" + }, + { + "cve":"CVE-2022-48814", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: seville: register the mdiobus under devres\n\nAs explained in commits:\n74b6d7d13307 (\"net: dsa: realtek: register the MDIO bus under devres\")\n5135e96a3dd2 (\"net: dsa: don't allocate the slave_mii_bus using devres\")\n\nmdiobus_free() will panic when called from devm_mdiobus_free() <-\ndevres_release_all() <- __device_release_driver(), and that mdiobus was\nnot previously unregistered.\n\nThe Seville VSC9959 switch is a platform device, so the initial set of\nconstraints that I thought would cause this (I2C or SPI buses which call\n->remove on ->shutdown) do not apply. But there is one more which\napplies here.\n\nIf the DSA master itself is on a bus that calls ->remove from ->shutdown\n(like dpaa2-eth, which is on the fsl-mc bus), there is a device link\nbetween the switch and the DSA master, and device_links_unbind_consumers()\nwill unbind the seville switch driver on shutdown.\n\nSo the same treatment must be applied to all DSA switch drivers, which\nis: either use devres for both the mdiobus allocation and registration,\nor don't use devres at all.\n\nThe seville driver has a code structure that could accommodate both the\nmdiobus_unregister and mdiobus_free calls, but it has an external\ndependency upon mscc_miim_setup() from mdio-mscc-miim.c, which calls\ndevm_mdiobus_alloc_size() on its behalf. 
So rather than restructuring\nthat, and exporting yet one more symbol mscc_miim_teardown(), let's work\nwith devres and replace of_mdiobus_register with the devres variant.\nWhen we use all-devres, we can ensure that devres doesn't free a\nstill-registered bus (it either runs both callbacks, or none).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2022-48814" + }, + { + "cve":"CVE-2022-48816", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: lock against ->sock changing during sysfs read\n\n->sock can be set to NULL asynchronously unless ->recv_mutex is held.\nSo it is important to hold that mutex. 
Otherwise a sysfs read can\ntrigger an oops.\nCommit 17f09d3f619a (\"SUNRPC: Check if the xprt is connected before\nhandling sysfs reads\") appears to attempt to fix this problem, but it\nonly narrows the race window.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.7, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2022-48816" + }, + { + "cve":"CVE-2022-48844", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: Fix leaking sent_cmd skb\n\nsent_cmd memory is not freed before freeing hci_dev causing it to leak\nit contents.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.3, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + 
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2022-48844" + }, + { + "cve":"CVE-2023-52757", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential deadlock when releasing mids\n\nAll release_mid() callers seem to hold a reference of @mid so there is\nno need to call kref_put(&mid->refcount, __release_mid) under\n@server->mid_lock spinlock. 
If they don't, then an use-after-free bug\nwould have occurred anyways.\n\nBy getting rid of such spinlock also fixes a potential deadlock as\nshown below\n\nCPU 0 CPU 1\n------------------------------------------------------------------\ncifs_demultiplex_thread() cifs_debug_data_proc_show()\n release_mid()\n spin_lock(&server->mid_lock);\n spin_lock(&cifs_tcp_ses_lock)\n\t\t\t\t spin_lock(&server->mid_lock)\n __release_mid()\n smb2_find_smb_tcon()\n spin_lock(&cifs_tcp_ses_lock) *deadlock*", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + 
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2023-52757" + }, + { + "cve":"CVE-2023-52781", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: config: fix iteration issue in 'usb_get_bos_descriptor()'\n\nThe BOS descriptor defines a root descriptor and is the base 
descriptor for\naccessing a family of related descriptors.\n\nFunction 'usb_get_bos_descriptor()' encounters an iteration issue when\nskipping the 'USB_DT_DEVICE_CAPABILITY' descriptor type. This results in\nthe same descriptor being read repeatedly.\n\nTo address this issue, a 'goto' statement is introduced to ensure that the\npointer and the amount read is updated correctly. This ensures that the\nfunction iterates to the next descriptor instead of reading the same\ndescriptor repeatedly.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + 
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.3, + "vectorString":"CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2023-52781" + }, + { + "cve":"CVE-2024-36939", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Handle error of rpc_proc_register() in nfs_net_init().\n\nsyzkaller reported a warning [0] triggered while destroying 
immature\nnetns.\n\nrpc_proc_register() was called in init_nfs_fs(), but its error\nhas been ignored since at least the initial commit 1da177e4c3f4\n(\"Linux-2.6.12-rc2\").\n\nRecently, commit d47151b79e32 (\"nfs: expose /proc/net/sunrpc/nfs\nin net namespaces\") converted the procfs to per-netns and made\nthe problem more visible.\n\nEven when rpc_proc_register() fails, nfs_net_init() could succeed,\nand thus nfs_net_exit() will be called while destroying the netns.\n\nThen, remove_proc_entry() will be called for non-existing proc\ndirectory and trigger the warning below.\n\nLet's handle the error of rpc_proc_register() properly in nfs_net_init().\n\n[0]:\nname 'nfs'\nWARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nModules linked in:\nCPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nCode: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff <0f> 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb\nRSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c\nRDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc\nR13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8\nFS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall 
Trace:\n \n rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310\n nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438\n ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170\n setup_net+0x46c/0x660 net/core/net_namespace.c:372\n copy_net_ns+0x244/0x590 net/core/net_namespace.c:505\n create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228\n ksys_unshare+0x342/0x760 kernel/fork.c:3322\n __do_sys_unshare kernel/fork.c:3393 [inline]\n __se_sys_unshare kernel/fork.c:3391 [inline]\n __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\nRIP: 0033:0x7f30d0febe5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110\nRAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600\nRBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002\nR13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000\n ", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + 
"category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.6, + "vectorString":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-36939" + }, + { + "cve":"CVE-2024-38559", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedf: Ensure the copied buf is NUL terminated\n\nCurrently, we allocate a count-sized kernel buffer and copy count from\nuserspace to that buffer. Later, we use kstrtouint on this buffer but we\ndon't ensure that the string is terminated inside the buffer, this can\nlead to OOB read when using kstrtouint. 
Fix this issue by using\nmemdup_user_nul instead of memdup_user.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.8, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2024-38559" + }, + { + "cve":"CVE-2024-38568", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/perf: hisi: hns3: Fix out-of-bound access when valid event group\n\nThe perf tool allows users to create event groups through following\ncmd [1], but the driver does not check whether the array index is out\nof bounds when writing data to the event_group array. 
If the number of\nevents in an event_group is greater than HNS3_PMU_MAX_HW_EVENTS, the\nmemory write overflow of event_group array occurs.\n\nAdd array index check to fix the possible array out of bounds violation,\nand return directly when write new events are written to array bounds.\n\nThere are 9 different events in an event_group.\n[1] perf stat -e '{pmu/event1/, ... ,pmu/event9/}", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.1, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-38568" + }, + { + "cve":"CVE-2024-38578", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\necryptfs: Fix buffer size for tag 66 packet\n\nThe 'TAG 66 Packet Format' description is missing the cipher code and\nchecksum fields that are packed into the message packet. 
As a result,\nthe buffer allocated for the packet is 3 bytes too small and\nwrite_tag_66_packet() will write up to 3 bytes past the end of the\nbuffer.\n\nFix this by increasing the size of the allocation so the whole packet\nwill always fit in the buffer.\n\nThis fixes the below kasan slab-out-of-bounds bug:\n\n BUG: KASAN: slab-out-of-bounds in ecryptfs_generate_key_packet_set+0x7d6/0xde0\n Write of size 1 at addr ffff88800afbb2a5 by task touch/181\n\n CPU: 0 PID: 181 Comm: touch Not tainted 6.6.13-gnu #1 4c9534092be820851bb687b82d1f92a426598dc6\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2/GNU Guix 04/01/2014\n Call Trace:\n \n dump_stack_lvl+0x4c/0x70\n print_report+0xc5/0x610\n ? ecryptfs_generate_key_packet_set+0x7d6/0xde0\n ? kasan_complete_mode_report_info+0x44/0x210\n ? ecryptfs_generate_key_packet_set+0x7d6/0xde0\n kasan_report+0xc2/0x110\n ? ecryptfs_generate_key_packet_set+0x7d6/0xde0\n __asan_store1+0x62/0x80\n ecryptfs_generate_key_packet_set+0x7d6/0xde0\n ? __pfx_ecryptfs_generate_key_packet_set+0x10/0x10\n ? __alloc_pages+0x2e2/0x540\n ? __pfx_ovl_open+0x10/0x10 [overlay 30837f11141636a8e1793533a02e6e2e885dad1d]\n ? dentry_open+0x8f/0xd0\n ecryptfs_write_metadata+0x30a/0x550\n ? __pfx_ecryptfs_write_metadata+0x10/0x10\n ? ecryptfs_get_lower_file+0x6b/0x190\n ecryptfs_initialize_file+0x77/0x150\n ecryptfs_create+0x1c2/0x2f0\n path_openat+0x17cf/0x1ba0\n ? __pfx_path_openat+0x10/0x10\n do_filp_open+0x15e/0x290\n ? __pfx_do_filp_open+0x10/0x10\n ? __kasan_check_write+0x18/0x30\n ? _raw_spin_lock+0x86/0xf0\n ? __pfx__raw_spin_lock+0x10/0x10\n ? __kasan_check_write+0x18/0x30\n ? alloc_fd+0xf4/0x330\n do_sys_openat2+0x122/0x160\n ? __pfx_do_sys_openat2+0x10/0x10\n __x64_sys_openat+0xef/0x170\n ? 
__pfx___x64_sys_openat+0x10/0x10\n do_syscall_64+0x60/0xd0\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n RIP: 0033:0x7f00a703fd67\n Code: 25 00 00 41 00 3d 00 00 41 00 74 37 64 8b 04 25 18 00 00 00 85 c0 75 5b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 85 00 00 00 48 83 c4 68 5d 41 5c c3 0f 1f\n RSP: 002b:00007ffc088e30b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101\n RAX: ffffffffffffffda RBX: 00007ffc088e3368 RCX: 00007f00a703fd67\n RDX: 0000000000000941 RSI: 00007ffc088e48d7 RDI: 00000000ffffff9c\n RBP: 00007ffc088e48d7 R08: 0000000000000001 R09: 0000000000000000\n R10: 00000000000001b6 R11: 0000000000000246 R12: 0000000000000941\n R13: 0000000000000000 R14: 00007ffc088e48d7 R15: 00007f00a7180040\n \n\n Allocated by task 181:\n kasan_save_stack+0x2f/0x60\n kasan_set_track+0x29/0x40\n kasan_save_alloc_info+0x25/0x40\n __kasan_kmalloc+0xc5/0xd0\n __kmalloc+0x66/0x160\n ecryptfs_generate_key_packet_set+0x6d2/0xde0\n ecryptfs_write_metadata+0x30a/0x550\n ecryptfs_initialize_file+0x77/0x150\n ecryptfs_create+0x1c2/0x2f0\n path_openat+0x17cf/0x1ba0\n do_filp_open+0x15e/0x290\n do_sys_openat2+0x122/0x160\n __x64_sys_openat+0xef/0x170\n do_syscall_64+0x60/0xd0\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + 
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.9, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-38578" + }, + { + "cve":"CVE-2024-38589", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: fix possible dead-lock in nr_rt_ioctl()\n\nsyzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]\n\nMake sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)\n\n[1]\nWARNING: possible circular locking dependency detected\n6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted\n------------------------------------------------------\nsyz-executor350/5129 is trying to acquire lock:\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n\nbut task is already holding lock:\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697\n\nwhich lock already depends on the new lock.\n\nthe existing 
dependency chain (in reverse order) is:\n\n-> #1 (nr_node_list_lock){+...}-{2:2}:\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n nr_remove_node net/netrom/nr_route.c:299 [inline]\n nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355\n nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n-> #0 (&nr_node->node_lock){+...}-{2:2}:\n check_prev_add kernel/locking/lockdep.c:3134 [inline]\n check_prevs_add kernel/locking/lockdep.c:3253 [inline]\n validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869\n __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n nr_node_lock include/net/netrom.h:152 [inline]\n nr_dec_obs net/netrom/nr_route.c:464 [inline]\n nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(nr_node_list_lock);\n 
lock(&nr_node->node_lock);\n lock(nr_node_list_lock);\n lock(&nr_node->node_lock);\n\n *** DEADLOCK ***\n\n1 lock held by syz-executor350/5129:\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n #0: ffffffff8f70\n---truncated---", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-38589" + }, + { + "cve":"CVE-2024-38618", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: timer: Set lower bound of start tick time\n\nCurrently ALSA timer doesn't have the lower limit of the start tick\ntime, and it allows a very small size, e.g. 1 tick with 1ns resolution\nfor hrtimer. 
Such a situation may lead to an unexpected RCU stall,\nwhere the callback repeatedly queuing the expire update, as reported\nby fuzzer.\n\nThis patch introduces a sanity check of the timer start tick time, so\nthat the system returns an error when a too small start size is set.\nAs of this patch, the lower limit is hard-coded to 100us, which is\nsmall enough but can still work somehow.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.7, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-38618" + }, + { + "cve":"CVE-2024-38619", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb-storage: alauda: Check whether the media is initialized\n\nThe member \"uzonesize\" of struct alauda_info will remain 0\nif alauda_init_media() fails, potentially causing divide errors\nin alauda_read_data() and 
alauda_write_lba().\n- Add a member \"media_initialized\" to struct alauda_info.\n- Change a condition in alauda_check_media() to ensure the\n first initialization.\n- Add an error check for the return value of alauda_init_media().", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-38619" + }, + { + "cve":"CVE-2024-39469", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors\n\nThe error handling in nilfs_empty_dir() when a directory folio/page read\nfails is incorrect, as in the old ext2 implementation, and if the\nfolio/page cannot be read or nilfs_check_folio() fails, it will falsely\ndetermine the directory as empty and corrupt the file system.\n\nIn addition, since 
nilfs_empty_dir() does not immediately return on a\nfailed folio/page read, but continues to loop, this can cause a long loop\nwith I/O if i_size of the directory's inode is also corrupted, causing the\nlog writer thread to wait and hang, as reported by syzbot.\n\nFix these issues by making nilfs_empty_dir() immediately return a false\nvalue (0) if it fails to get a directory folio/page.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.7, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39469" + }, + { + "cve":"CVE-2024-39472", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:xfs: fix log recovery buffer allocation for the legacy h_size fixupCommit a70f9fe52daa ( xfs: detect and handle invalid iclog size set bymkfs ) added a fixup for incorrect h_size values used for the initialumount record in old 
xfsprogs versions. Later commit 0c771b99d6c9( xfs: clean up calculation of LR header blocks ) cleaned up the logreover buffer calculation, but stoped using the fixed up h_size valueto size the log recovery buffer, which can lead to an out of boundsaccess when the incorrect h_size does not come from the old mkfstool, but a fuzzer.Fix this by open coding xlog_logrec_hblks and taking the fixed h_sizeinto account for this calculation.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + 
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39472" + }, + { + "cve":"CVE-2024-39494", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nima: Fix use-after-free on a dentry's dname.name\n\n->d_name.name can change on rename and the earlier value can be freed;\nthere are 
conditions sufficient to stabilize it (->d_lock on dentry,\n->d_lock on its parent, ->i_rwsem exclusive on the parent's inode,\nrename_lock), but none of those are met at any of the sites. Take a stable\nsnapshot of the name instead.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.8, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2024-39494" + }, + { + "cve":"CVE-2024-39499", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nvmci: prevent speculation leaks by sanitizing event in event_deliver()\n\nCoverity spotted that event_msg is controlled by user-space,\nevent_msg->event_data.event is passed to event_deliver() and used\nas an index without sanitization.\n\nThis change ensures that the event index is sanitized to mitigate any\npossibility of speculative information leaks.\n\nThis bug was discovered 
and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.\n\nOnly compile tested, no access to HW.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39499" + }, + { + "cve":"CVE-2024-39505", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/komeda: check for error-valued pointer\n\nkomeda_pipeline_get_state() may return an error-valued pointer, thus\ncheck the pointer for negative or null value before dereferencing.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39505" + }, + { + "cve":"CVE-2024-40904", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages\n\nThe syzbot fuzzer found that the interrupt-URB completion callback in\nthe cdc-wdm driver was taking too long, and the driver's immediate\nresubmission of interrupt URBs with -EPROTO status combined with the\ndummy-hcd emulation to cause a CPU lockup:\n\ncdc_wdm 1-1:1.0: nonzero urb status received: -71\ncdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes\nwatchdog: BUG: soft lockup - CPU#0 stuck for 26s! 
[syz-executor782:6625]\nCPU#0 Utilization every 4s during lockup:\n\t#1: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#2: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#3: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#4: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#5: 98% system,\t 1% softirq,\t 3% hardirq,\t 0% idle\nModules linked in:\nirq event stamp: 73096\nhardirqs last enabled at (73095): [] console_emit_next_record kernel/printk/printk.c:2935 [inline]\nhardirqs last enabled at (73095): [] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994\nhardirqs last disabled at (73096): [] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\nhardirqs last disabled at (73096): [] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\nsoftirqs last enabled at (73048): [] softirq_handle_end kernel/softirq.c:400 [inline]\nsoftirqs last enabled at (73048): [] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582\nsoftirqs last disabled at (73043): [] __do_softirq+0x14/0x20 kernel/softirq.c:588\nCPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G W 6.10.0-rc2-syzkaller-g8867bbd4a056 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\n\nTesting showed that the problem did not occur if the two error\nmessages -- the first two lines above -- were removed; apparently adding\nmaterial to the kernel log takes a surprisingly large amount of time.\n\nIn any case, the best approach for preventing these lockups and to\navoid spamming the log with thousands of error messages per second is\nto ratelimit the two dev_err() calls. 
Therefore we replace them with\ndev_err_ratelimited().", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40904" + }, + { + "cve":"CVE-2024-40905", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible race in __fib6_drop_pcpu_from()\n\nsyzbot found a race in __fib6_drop_pcpu_from() [1]\n\nIf compiler reads more than once (*ppcpu_rt),\nsecond read could read NULL, if another cpu clears\nthe value in rt6_get_pcpu_route().\n\nAdd a READ_ONCE() to prevent this race.\n\nAlso add rcu_read_lock()/rcu_read_unlock() because\nwe rely on RCU protection while dereferencing pcpu_rt.\n\n[1]\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: 
null-ptr-deref in range [0x0000000000000090-0x0000000000000097]\nCPU: 0 PID: 7543 Comm: kworker/u8:17 Not tainted 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nWorkqueue: netns cleanup_net\n RIP: 0010:__fib6_drop_pcpu_from.part.0+0x10a/0x370 net/ipv6/ip6_fib.c:984\nCode: f8 48 c1 e8 03 80 3c 28 00 0f 85 16 02 00 00 4d 8b 3f 4d 85 ff 74 31 e8 74 a7 fa f7 49 8d bf 90 00 00 00 48 89 f8 48 c1 e8 03 <80> 3c 28 00 0f 85 1e 02 00 00 49 8b 87 90 00 00 00 48 8b 0c 24 48\nRSP: 0018:ffffc900040df070 EFLAGS: 00010206\nRAX: 0000000000000012 RBX: 0000000000000001 RCX: ffffffff89932e16\nRDX: ffff888049dd1e00 RSI: ffffffff89932d7c RDI: 0000000000000091\nRBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000007\nR10: 0000000000000001 R11: 0000000000000006 R12: ffff88807fa080b8\nR13: fffffbfff1a9a07d R14: ffffed100ff41022 R15: 0000000000000001\nFS: 0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b32c26000 CR3: 000000005d56e000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n __fib6_drop_pcpu_from net/ipv6/ip6_fib.c:966 [inline]\n fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1027 [inline]\n fib6_purge_rt+0x7f2/0x9f0 net/ipv6/ip6_fib.c:1038\n fib6_del_route net/ipv6/ip6_fib.c:1998 [inline]\n fib6_del+0xa70/0x17b0 net/ipv6/ip6_fib.c:2043\n fib6_clean_node+0x426/0x5b0 net/ipv6/ip6_fib.c:2205\n fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2127\n fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2175\n fib6_clean_tree+0xd7/0x120 net/ipv6/ip6_fib.c:2255\n __fib6_clean_all+0x100/0x2d0 net/ipv6/ip6_fib.c:2271\n rt6_sync_down_dev net/ipv6/route.c:4906 [inline]\n rt6_disable_ip+0x7ed/0xa00 net/ipv6/route.c:4911\n addrconf_ifdown.isra.0+0x117/0x1b40 net/ipv6/addrconf.c:3855\n 
addrconf_notify+0x223/0x19e0 net/ipv6/addrconf.c:3778\n notifier_call_chain+0xb9/0x410 kernel/notifier.c:93\n call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1992\n call_netdevice_notifiers_extack net/core/dev.c:2030 [inline]\n call_netdevice_notifiers net/core/dev.c:2044 [inline]\n dev_close_many+0x333/0x6a0 net/core/dev.c:1585\n unregister_netdevice_many_notify+0x46d/0x19f0 net/core/dev.c:11193\n unregister_netdevice_many net/core/dev.c:11276 [inline]\n default_device_exit_batch+0x85b/0xae0 net/core/dev.c:11759\n ops_exit_list+0x128/0x180 net/core/net_namespace.c:178\n cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40905" + }, + { + "cve":"CVE-2024-40912", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()\n\nThe ieee80211_sta_ps_deliver_wakeup() function takes sta->ps_lock to\nsynchronizes with ieee80211_tx_h_unicast_ps_buf() which is called from\nsoftirq context. However using only spin_lock() to get sta->ps_lock in\nieee80211_sta_ps_deliver_wakeup() does not prevent softirq to execute\non this same CPU, to run ieee80211_tx_h_unicast_ps_buf() and try to\ntake this same lock ending in deadlock. Below is an example of rcu stall\nthat arises in such situation.\n\n rcu: INFO: rcu_sched self-detected stall on CPU\n rcu: 2-....: (42413413 ticks this GP) idle=b154/1/0x4000000000000000 softirq=1763/1765 fqs=21206996\n rcu: (t=42586894 jiffies g=2057 q=362405 ncpus=4)\n CPU: 2 PID: 719 Comm: wpa_supplicant Tainted: G W 6.4.0-02158-g1b062f552873 #742\n Hardware name: RPT (r1) (DT)\n pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : queued_spin_lock_slowpath+0x58/0x2d0\n lr : invoke_tx_handlers_early+0x5b4/0x5c0\n sp : ffff00001ef64660\n x29: ffff00001ef64660 x28: ffff000009bc1070 x27: ffff000009bc0ad8\n x26: ffff000009bc0900 x25: ffff00001ef647a8 x24: 0000000000000000\n x23: ffff000009bc0900 x22: ffff000009bc0900 x21: ffff00000ac0e000\n x20: ffff00000a279e00 x19: ffff00001ef646e8 x18: 0000000000000000\n x17: ffff800016468000 x16: ffff00001ef608c0 x15: 0010533c93f64f80\n x14: 0010395c9faa3946 x13: 0000000000000000 x12: 00000000fa83b2da\n x11: 000000012edeceea x10: ffff0000010fbe00 x9 : 0000000000895440\n x8 : 000000000010533c x7 : ffff00000ad8b740 x6 : ffff00000c350880\n x5 : 
0000000000000007 x4 : 0000000000000001 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffff00000ac0e0e8\n Call trace:\n queued_spin_lock_slowpath+0x58/0x2d0\n ieee80211_tx+0x80/0x12c\n ieee80211_tx_pending+0x110/0x278\n tasklet_action_common.constprop.0+0x10c/0x144\n tasklet_action+0x20/0x28\n _stext+0x11c/0x284\n ____do_softirq+0xc/0x14\n call_on_irq_stack+0x24/0x34\n do_softirq_own_stack+0x18/0x20\n do_softirq+0x74/0x7c\n __local_bh_enable_ip+0xa0/0xa4\n _ieee80211_wake_txqs+0x3b0/0x4b8\n __ieee80211_wake_queue+0x12c/0x168\n ieee80211_add_pending_skbs+0xec/0x138\n ieee80211_sta_ps_deliver_wakeup+0x2a4/0x480\n ieee80211_mps_sta_status_update.part.0+0xd8/0x11c\n ieee80211_mps_sta_status_update+0x18/0x24\n sta_apply_parameters+0x3bc/0x4c0\n ieee80211_change_station+0x1b8/0x2dc\n nl80211_set_station+0x444/0x49c\n genl_family_rcv_msg_doit.isra.0+0xa4/0xfc\n genl_rcv_msg+0x1b0/0x244\n netlink_rcv_skb+0x38/0x10c\n genl_rcv+0x34/0x48\n netlink_unicast+0x254/0x2bc\n netlink_sendmsg+0x190/0x3b4\n ____sys_sendmsg+0x1e8/0x218\n ___sys_sendmsg+0x68/0x8c\n __sys_sendmsg+0x44/0x84\n __arm64_sys_sendmsg+0x20/0x28\n do_el0_svc+0x6c/0xe8\n el0_svc+0x14/0x48\n el0t_64_sync_handler+0xb0/0xb4\n el0t_64_sync+0x14c/0x150\n\nUsing spin_lock_bh()/spin_unlock_bh() instead prevents softirq to raise\non the same CPU that is holding the lock.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + 
"category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40912" + }, + { + "cve":"CVE-2024-40929", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: check n_ssids before accessing the ssids\n\nIn some versions of cfg80211, the ssids poinet might be a valid one even\nthough n_ssids is 0. Accessing the pointer in this case will cuase an\nout-of-bound access. 
Fix this by checking n_ssids first.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40929" + }, + { + "cve":"CVE-2024-40932", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos/vidi: fix memory leak in .get_modes()\n\nThe duplicated EDID is never freed. 
Fix it.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.9, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-40932" + }, + { + "cve":"CVE-2024-40941", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don't read past the mfuart notifcation\n\nIn case the firmware sends a notification that claims it has more data\nthan it has, we will read past that was allocated for the notification.\nRemove the print of the buffer, we won't see it by default. 
If needed,\nwe can see the content with tracing.\n\nThis was reported by KFENCE.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40941" + }, + { + "cve":"CVE-2024-40943", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix races between hole punching and AIO+DIO\n\nAfter commit \"ocfs2: return real error code in ocfs2_dio_wr_get_block\",\nfstests/generic/300 become from always failed to sometimes failed:\n\n========================================================================\n[ 473.293420 ] run fstests generic/300\n\n[ 475.296983 ] JBD2: Ignoring recovery information on journal\n[ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode.\n[ 494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: 
Owner 5668 has an extent at cpos 78723 which can no longer be found\n[ 494.291609 ] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.\n[ 494.292018 ] OCFS2: File system is now read-only.\n[ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30\n[ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3\nfio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072\n=========================================================================\n\nIn __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten\nextents to a list. extents are also inserted into extent tree in\nocfs2_write_begin_nolock. Then another thread call fallocate to puch a\nhole at one of the unwritten extent. The extent at cpos was removed by\nocfs2_remove_extent(). At end io worker thread, ocfs2_search_extent_list\nfound there is no such extent at the cpos.\n\n T1 T2 T3\n inode lock\n ...\n insert extents\n ...\n inode unlock\nocfs2_fallocate\n __ocfs2_change_file_space\n inode lock\n lock ip_alloc_sem\n ocfs2_remove_inode_range inode\n ocfs2_remove_btree_range\n ocfs2_remove_extent\n ^---remove the extent at cpos 78723\n ...\n unlock ip_alloc_sem\n inode unlock\n ocfs2_dio_end_io\n ocfs2_dio_end_io_write\n lock ip_alloc_sem\n ocfs2_mark_extent_written\n ocfs2_change_extent_flag\n ocfs2_search_extent_list\n ^---failed to find extent\n ...\n unlock ip_alloc_sem\n\nIn most filesystems, fallocate is not compatible with racing with AIO+DIO,\nso fix it by adding to wait for all dio before fallocate/punch_hole like\next4.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40943" + }, + { + "cve":"CVE-2024-40968", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: Octeon: Add PCIe link status check\n\nThe standard PCIe configuration read-write interface is used to\naccess the configuration space of the peripheral PCIe devices\nof the mips processor after the PCIe link surprise down, it can\ngenerate kernel panic caused by \"Data bus error\". 
So it is\nnecessary to add PCIe link status check for system protection.\nWhen the PCIe link is down or in training, assigning a value\nof 0 to the configuration address can prevent read-write behavior\nto the configuration space of peripheral PCIe devices, thereby\npreventing kernel panic.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40968" + }, + { + "cve":"CVE-2024-40974", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Enforce hcall result buffer validity and size\n\nplpar_hcall(), plpar_hcall9(), and related functions expect callers to\nprovide valid result buffers of certain minimum size. 
Currently this\nis communicated only through comments in the code and the compiler has\nno idea.\n\nFor example, if I write a bug like this:\n\n long retbuf[PLPAR_HCALL_BUFSIZE]; // should be PLPAR_HCALL9_BUFSIZE\n plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf, ...);\n\nThis compiles with no diagnostics emitted, but likely results in stack\ncorruption at runtime when plpar_hcall9() stores results past the end\nof the array. (To be clear this is a contrived example and I have not\nfound a real instance yet.)\n\nTo make this class of error less likely, we can use explicitly-sized\narray parameters instead of pointers in the declarations for the hcall\nAPIs. When compiled with -Warray-bounds[1], the code above now\nprovokes a diagnostic like this:\n\nerror: array argument is too small;\nis of size 32, callee requires at least 72 [-Werror,-Warray-bounds]\n 60 | plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf,\n | ^ ~~~~~~\n\n[1] Enabled for LLVM builds but not GCC for now. See commit\n 0da6e5fd6c37 (\"gcc: disable '-Warray-bounds' for gcc-13 too\") and\n related changes.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + 
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40974" + }, + { + "cve":"CVE-2024-40983", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: force a dst refcount before doing decryption\n\nAs it says in commit 3bc07321ccc2 (\"xfrm: Force a dst refcount before\nentering the xfrm type handlers\"):\n\n\"Crypto requests might return asynchronous. In this case we leave the\n rcu protected region, so force a refcount on the skb's destination\n entry before we enter the xfrm type input/output handlers.\"\n\nOn TIPC decryption path it has the same problem, and skb_dst_force()\nshould be called before doing decryption to avoid a possible crash.\n\nShuang reported this issue when this warning is triggered:\n\n [] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n [] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug\n [] Workqueue: crypto cryptd_queue_worker\n [] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n [] Call Trace:\n [] tipc_sk_mcast_rcv+0x548/0xea0 [tipc]\n [] tipc_rcv+0xcf5/0x1060 [tipc]\n [] tipc_aead_decrypt_done+0x215/0x2e0 [tipc]\n [] cryptd_aead_crypt+0xdb/0x190\n [] cryptd_queue_worker+0xed/0x190\n [] process_one_work+0x93d/0x17e0", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + 
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40983" + }, + { + "cve":"CVE-2024-40984", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Revert \"ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.\"\n\nUndo the modifications made in commit d410ee5109a1 (\"ACPICA: avoid\n\"Info: mapping multiple BARs. Your kernel is fine.\"\"). The initial\npurpose of this commit was to stop memory mappings for operation\nregions from overlapping page boundaries, as it can trigger warnings\nif different page attributes are present.\n\nHowever, it was found that when this situation arises, mapping\ncontinues until the boundary's end, but there is still an attempt to\nread/write the entire length of the map, leading to a NULL pointer\ndeference. 
For example, if a four-byte mapping request is made but\nonly one byte is mapped because it hits the current page boundary's\nend, a four-byte read/write attempt is still made, resulting in a NULL\npointer deference.\n\nInstead, map the entire length, as the ACPI specification does not\nmandate that it must be within the same page boundary. It is\npermissible for it to be mapped across different regions.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40984" + }, + { + "cve":"CVE-2024-40987", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix UBSAN warning in kv_dpm.c\n\nAdds bounds check for sumo_vid_mapping_entry.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + 
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + 
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40987" + }, + { + "cve":"CVE-2024-41004", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Build event generation tests only as modules\n\nThe kprobes and synth event generation test modules add events and lock\n(get a reference) those event file reference in module init function,\nand unlock and delete it in module exit function. This is because those\nare designed for playing as modules.\n\nIf we make those modules as built-in, those events are left locked in the\nkernel, and never be removed. 
This causes kprobe event self-test failure\nas below.\n\n[ 97.349708] ------------[ cut here ]------------\n[ 97.353453] WARNING: CPU: 3 PID: 1 at kernel/trace/trace_kprobe.c:2133 kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.357106] Modules linked in:\n[ 97.358488] CPU: 3 PID: 1 Comm: swapper/0 Not tainted 6.9.0-g699646734ab5-dirty #14\n[ 97.361556] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n[ 97.363880] RIP: 0010:kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.365538] Code: a8 24 08 82 e9 ae fd ff ff 90 0f 0b 90 48 c7 c7 e5 aa 0b 82 e9 ee fc ff ff 90 0f 0b 90 48 c7 c7 2d 61 06 82 e9 8e fd ff ff 90 <0f> 0b 90 48 c7 c7 33 0b 0c 82 89 c6 e8 6e 03 1f ff 41 ff c7 e9 90\n[ 97.370429] RSP: 0000:ffffc90000013b50 EFLAGS: 00010286\n[ 97.371852] RAX: 00000000fffffff0 RBX: ffff888005919c00 RCX: 0000000000000000\n[ 97.373829] RDX: ffff888003f40000 RSI: ffffffff8236a598 RDI: ffff888003f40a68\n[ 97.375715] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n[ 97.377675] R10: ffffffff811c9ae5 R11: ffffffff8120c4e0 R12: 0000000000000000\n[ 97.379591] R13: 0000000000000001 R14: 0000000000000015 R15: 0000000000000000\n[ 97.381536] FS: 0000000000000000(0000) GS:ffff88807dcc0000(0000) knlGS:0000000000000000\n[ 97.383813] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 97.385449] CR2: 0000000000000000 CR3: 0000000002244000 CR4: 00000000000006b0\n[ 97.387347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 97.389277] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 97.391196] Call Trace:\n[ 97.391967] \n[ 97.392647] ? __warn+0xcc/0x180\n[ 97.393640] ? kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.395181] ? report_bug+0xbd/0x150\n[ 97.396234] ? handle_bug+0x3e/0x60\n[ 97.397311] ? exc_invalid_op+0x1a/0x50\n[ 97.398434] ? asm_exc_invalid_op+0x1a/0x20\n[ 97.399652] ? trace_kprobe_is_busy+0x20/0x20\n[ 97.400904] ? tracing_reset_all_online_cpus+0x15/0x90\n[ 97.402304] ? 
kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.403773] ? init_kprobe_trace+0x50/0x50\n[ 97.404972] do_one_initcall+0x112/0x240\n[ 97.406113] do_initcall_level+0x95/0xb0\n[ 97.407286] ? kernel_init+0x1a/0x1a0\n[ 97.408401] do_initcalls+0x3f/0x70\n[ 97.409452] kernel_init_freeable+0x16f/0x1e0\n[ 97.410662] ? rest_init+0x1f0/0x1f0\n[ 97.411738] kernel_init+0x1a/0x1a0\n[ 97.412788] ret_from_fork+0x39/0x50\n[ 97.413817] ? rest_init+0x1f0/0x1f0\n[ 97.414844] ret_from_fork_asm+0x11/0x20\n[ 97.416285] \n[ 97.417134] irq event stamp: 13437323\n[ 97.418376] hardirqs last enabled at (13437337): [] console_unlock+0x11c/0x150\n[ 97.421285] hardirqs last disabled at (13437370): [] console_unlock+0x101/0x150\n[ 97.423838] softirqs last enabled at (13437366): [] handle_softirqs+0x23f/0x2a0\n[ 97.426450] softirqs last disabled at (13437393): [] __irq_exit_rcu+0x66/0xd0\n[ 97.428850] ---[ end trace 0000000000000000 ]---\n\nAnd also, since we can not cleanup dynamic_event file, ftracetest are\nfailed too.\n\nTo avoid these issues, build these tests only as modules.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + 
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-41004" + }, + { + "cve":"CVE-2024-41005", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetpoll: Fix race condition in netpoll_owner_active\n\nKCSAN detected a race condition in netpoll:\n\n\tBUG: KCSAN: data-race in net_rx_action / netpoll_send_skb\n\twrite (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:\n\tnet_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)\n\n\tread to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:\n\tnetpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)\n\tnetpoll_send_udp (net/core/netpoll.c:?)\n\n\tvalue changed: 0x0000000a -> 0xffffffff\n\nThis happens because netpoll_owner_active() needs to check if the\ncurrent CPU is the owner of the lock, touching napi->poll_owner\nnon atomically. 
The ->poll_owner field contains the current CPU holding\nthe lock.\n\nUse an atomic read to check if the poll owner is the current CPU.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-41005" + }, + { + "cve":"CVE-2024-41007", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: avoid too many retransmit packets\n\nIf a TCP socket is using TCP_USER_TIMEOUT, and the other peer\nretracted its window to zero, tcp_retransmit_timer() can\nretransmit a packet every two jiffies (2 ms for HZ=1000),\nfor about 4 minutes after TCP_USER_TIMEOUT has 'expired'.\n\nThe fix is to make sure tcp_rtx_probe0_timed_out() takes\nicsk->icsk_user_timeout into account.\n\nBefore blamed commit, the socket would not timeout after\nicsk->icsk_user_timeout, 
but would use standard exponential\nbackoff for the retransmits.\n\nAlso worth noting that before commit e89688e3e978 (\"net: tcp:\nfix unexcepted socket die when snd_wnd is 0\"), the issue\nwould last 2 minutes instead of 4.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.3, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-41007" + }, + { + "cve":"CVE-2024-41009", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:bpf: Fix overrunning reservations in ringbufThe BPF ring buffer internally is implemented as a power-of-2 sized circularbuffer, with two logical and ever-increasing counters: consumer_pos is theconsumer counter to show which logical position the consumer consumed thedata, and producer_pos which is the producer counter denoting the amount ofdata reserved by all producers.Each time a 
record is reserved, the producer that owns the record willsuccessfully advance producer counter. In user space each time a record isread, the consumer of the data advanced the consumer counter once it finishedprocessing. Both counters are stored in separate pages so that from userspace, the producer counter is read-only and the consumer counter is read-write.One aspect that simplifies and thus speeds up the implementation of bothproducers and consumers is how the data area is mapped twice contiguouslyback-to-back in the virtual memory, allowing to not take any special measuresfor samples that have to wrap around at the end of the circular buffer dataarea, because the next page after the last data page would be first data pageagain, and thus the sample will still appear completely contiguous in virtualmemory.Each record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header forbook-keeping the length and offset, and is inaccessible to the BPF program.Helpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`for the BPF program to use. Bing-Jhong and Muhammad reported that it is howeverpossible to make a second allocated memory chunk overlapping with the firstchunk and as a result, the BPF program is now able to edit first chunk sheader.For example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with sizeof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call tobpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, letsallocate a chunk B with size 0x3000. This will succeed because consumer_poswas edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`check. Chunk B will be in range [0x3008,0x6010], and the BPF program is ableto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentionedearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same datapages. 
This means that chunk B at [0x4000,0x4008] is chunk A s header.bpf_ringbuf_submit() / bpf_ringbuf_discard() use the header s pg_off to thenlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunkB modified chunk A s header, then bpf_ringbuf_commit() refers to the wrongpage and could cause a crash.Fix it by calculating the oldest pending_pos and check whether the rangefrom the oldest outstanding record to the newest would span beyond the ringbuffer size. If that is the case, then reject the request. We ve tested withthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)before/after the fix and while it seems a bit slower on some benchmarks, itis still not significantly enough to matter.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + 
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-41009" + } + ] +} \ No newline 
at end of file
diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1897.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1897.json
new file mode 100644
index 0000000..4b1d2b5
--- /dev/null
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1897.json
@@ -0,0 +1,6848 @@
+{
+ "document":{
+ "aggregate_severity":{
+ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+ "text":"Critical"
+ },
+ "category":"csaf_vex",
+ "csaf_version":"2.0",
+ "distribution":{
+ "tlp":{
+ "label":"WHITE",
+ "url":"https:/www.first.org/tlp/"
+ }
+ },
+ "lang":"en",
+ "notes":[
+ {
+ "text":"kernel security update",
+ "category":"general",
+ "title":"Synopsis"
+ },
+ {
+ "text":"An update for kernel is now available for openEuler-24.03-LTS",
+ "category":"general",
+ "title":"Summary"
+ },
+ {
+ "text":"The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nPCI: of_property: Return error for int_map allocation failure\n\nReturn -ENOMEM from of_pci_prop_intr_map() if kcalloc() fails to prevent a\nNULL pointer dereference in this case.\n\n[bhelgaas: commit log](CVE-2024-34030)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/arm/malidp: fix a possible null pointer dereference\n\nIn malidp_mw_connector_reset, new memory is allocated with kzalloc, but\nno check is performed. In order to prevent null pointer dereferencing,\nensure that mw_state is checked before calling\n__drm_atomic_helper_connector_reset.(CVE-2024-36014)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: fix possible out-of-bounds in gsm0_receive()\n\nAssuming the following:\n- side A configures the n_gsm in basic option mode\n- side B sends the header of a basic option mode frame with data length 1\n- side A switches to advanced option mode\n- side B sends 2 data bytes which exceeds gsm->len\n Reason: gsm->len is not used in advanced option mode.\n- side A switches to basic option mode\n- side B keeps sending until gsm0_receive() writes past gsm->buf\n Reason: Neither gsm->state nor gsm->len have been reset after\n reconfiguration.\n\nFix this by changing gsm->count to gsm->len comparison from equal to less\nthan. 
Also add upper limit checks against the constant MAX_MRU in\ngsm0_receive() and gsm1_receive() to harden against memory corruption of\ngsm->len and gsm->mru.\n\nAll other checks remain as we still need to limit the data according to the\nuser configuration and actual payload size.(CVE-2024-36016)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nkeys: Fix overwrite of key expiration on instantiation\n\nThe expiry time of a key is unconditionally overwritten during\ninstantiation, defaulting to turn it permanent. This causes a problem\nfor DNS resolution as the expiration set by user-space is overwritten to\nTIME64_MAX, disabling further DNS updates. Fix this by restoring the\ncondition that key_set_expiry is only called when the pre-parser sets a\nspecific expiry.(CVE-2024-36031)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmm/userfaultfd: reset ptes when close() for wr-protected ones\n\nUserfaultfd unregister includes a step to remove wr-protect bits from all\nthe relevant pgtable entries, but that only covered an explicit\nUFFDIO_UNREGISTER ioctl, not a close() on the userfaultfd itself. Cover\nthat too. This fixes a WARN trace.\n\nThe only user visible side effect is the user can observe leftover\nwr-protect bits even if the user close()ed on an userfaultfd when\nreleasing the last reference of it. However hopefully that should be\nharmless, and nothing bad should happen even if so.\n\nThis change is now more important after the recent page-table-check\npatch we merged in mm-unstable (446dd9ad37d0 (\"mm/page_table_check:\nsupport userfault wr-protect entries\")), as we'll do sanity check on\nuffd-wp bits without vma context. 
So it's better if we can 100%\nguarantee no uffd-wp bit leftovers, to make sure each report will be\nvalid.(CVE-2024-36881)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Handle error of rpc_proc_register() in nfs_net_init().\n\nsyzkaller reported a warning [0] triggered while destroying immature\nnetns.\n\nrpc_proc_register() was called in init_nfs_fs(), but its error\nhas been ignored since at least the initial commit 1da177e4c3f4\n(\"Linux-2.6.12-rc2\").\n\nRecently, commit d47151b79e32 (\"nfs: expose /proc/net/sunrpc/nfs\nin net namespaces\") converted the procfs to per-netns and made\nthe problem more visible.\n\nEven when rpc_proc_register() fails, nfs_net_init() could succeed,\nand thus nfs_net_exit() will be called while destroying the netns.\n\nThen, remove_proc_entry() will be called for non-existing proc\ndirectory and trigger the warning below.\n\nLet's handle the error of rpc_proc_register() properly in nfs_net_init().\n\n[0]:\nname 'nfs'\nWARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nModules linked in:\nCPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nCode: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff <0f> 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb\nRSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c\nRDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc\nR13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8\nFS: 00007f30cfba8640(0000) 
GS:ffff88807dd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \n rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310\n nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438\n ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170\n setup_net+0x46c/0x660 net/core/net_namespace.c:372\n copy_net_ns+0x244/0x590 net/core/net_namespace.c:505\n create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228\n ksys_unshare+0x342/0x760 kernel/fork.c:3322\n __do_sys_unshare kernel/fork.c:3393 [inline]\n __se_sys_unshare kernel/fork.c:3391 [inline]\n __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\nRIP: 0033:0x7f30d0febe5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110\nRAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600\nRBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002\nR13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000\n (CVE-2024-36939)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mst: fix vlan use-after-free\n\nsyzbot reported a suspicious rcu usage[1] in bridge's mst code. 
While\nfixing it I noticed that nothing prevents a vlan to be freed while\nwalking the list from the same path (br forward delay timer). Fix the rcu\nusage and also make sure we are not accessing freed memory by making\nbr_mst_vlan_set_state use rcu read lock.\n\n[1]\n WARNING: suspicious RCU usage\n 6.9.0-rc6-syzkaller #0 Not tainted\n -----------------------------\n net/bridge/br_private.h:1599 suspicious rcu_dereference_protected() usage!\n ...\n stack backtrace:\n CPU: 1 PID: 8017 Comm: syz-executor.1 Not tainted 6.9.0-rc6-syzkaller #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\n Call Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712\n nbp_vlan_group net/bridge/br_private.h:1599 [inline]\n br_mst_set_state+0x1ea/0x650 net/bridge/br_mst.c:105\n br_set_state+0x28a/0x7b0 net/bridge/br_stp.c:47\n br_forward_delay_timer_expired+0x176/0x440 net/bridge/br_stp_timer.c:88\n call_timer_fn+0x18e/0x650 kernel/time/timer.c:1793\n expire_timers kernel/time/timer.c:1844 [inline]\n __run_timers kernel/time/timer.c:2418 [inline]\n __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2429\n run_timer_base kernel/time/timer.c:2438 [inline]\n run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2448\n __do_softirq+0x2c6/0x980 kernel/softirq.c:554\n invoke_softirq kernel/softirq.c:428 [inline]\n __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:645\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043\n \n \n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702\n RIP: 0010:lock_acquire+0x264/0x550 kernel/locking/lockdep.c:5758\n Code: 2b 00 74 08 4c 89 f7 e8 ba d1 84 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 
44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25\n RSP: 0018:ffffc90013657100 EFLAGS: 00000206\n RAX: 0000000000000001 RBX: 1ffff920026cae2c RCX: 0000000000000001\n RDX: dffffc0000000000 RSI: ffffffff8bcaca00 RDI: ffffffff8c1eaa60\n RBP: ffffc90013657260 R08: ffffffff92efe507 R09: 1ffffffff25dfca0\n R10: dffffc0000000000 R11: fffffbfff25dfca1 R12: 1ffff920026cae28\n R13: dffffc0000000000 R14: ffffc90013657160 R15: 0000000000000246(CVE-2024-36979)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedf: Ensure the copied buf is NUL terminated\n\nCurrently, we allocate a count-sized kernel buffer and copy count from\nuserspace to that buffer. Later, we use kstrtouint on this buffer but we\ndon't ensure that the string is terminated inside the buffer, this can\nlead to OOB read when using kstrtouint. Fix this issue by using\nmemdup_user_nul instead of memdup_user.(CVE-2024-38559)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\necryptfs: Fix buffer size for tag 66 packet\n\nThe 'TAG 66 Packet Format' description is missing the cipher code and\nchecksum fields that are packed into the message packet. As a result,\nthe buffer allocated for the packet is 3 bytes too small and\nwrite_tag_66_packet() will write up to 3 bytes past the end of the\nbuffer.\n\nFix this by increasing the size of the allocation so the whole packet\nwill always fit in the buffer.\n\nThis fixes the below kasan slab-out-of-bounds bug:\n\n BUG: KASAN: slab-out-of-bounds in ecryptfs_generate_key_packet_set+0x7d6/0xde0\n Write of size 1 at addr ffff88800afbb2a5 by task touch/181\n\n CPU: 0 PID: 181 Comm: touch Not tainted 6.6.13-gnu #1 4c9534092be820851bb687b82d1f92a426598dc6\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2/GNU Guix 04/01/2014\n Call Trace:\n \n dump_stack_lvl+0x4c/0x70\n print_report+0xc5/0x610\n ? ecryptfs_generate_key_packet_set+0x7d6/0xde0\n ? kasan_complete_mode_report_info+0x44/0x210\n ? 
ecryptfs_generate_key_packet_set+0x7d6/0xde0\n kasan_report+0xc2/0x110\n ? ecryptfs_generate_key_packet_set+0x7d6/0xde0\n __asan_store1+0x62/0x80\n ecryptfs_generate_key_packet_set+0x7d6/0xde0\n ? __pfx_ecryptfs_generate_key_packet_set+0x10/0x10\n ? __alloc_pages+0x2e2/0x540\n ? __pfx_ovl_open+0x10/0x10 [overlay 30837f11141636a8e1793533a02e6e2e885dad1d]\n ? dentry_open+0x8f/0xd0\n ecryptfs_write_metadata+0x30a/0x550\n ? __pfx_ecryptfs_write_metadata+0x10/0x10\n ? ecryptfs_get_lower_file+0x6b/0x190\n ecryptfs_initialize_file+0x77/0x150\n ecryptfs_create+0x1c2/0x2f0\n path_openat+0x17cf/0x1ba0\n ? __pfx_path_openat+0x10/0x10\n do_filp_open+0x15e/0x290\n ? __pfx_do_filp_open+0x10/0x10\n ? __kasan_check_write+0x18/0x30\n ? _raw_spin_lock+0x86/0xf0\n ? __pfx__raw_spin_lock+0x10/0x10\n ? __kasan_check_write+0x18/0x30\n ? alloc_fd+0xf4/0x330\n do_sys_openat2+0x122/0x160\n ? __pfx_do_sys_openat2+0x10/0x10\n __x64_sys_openat+0xef/0x170\n ? __pfx___x64_sys_openat+0x10/0x10\n do_syscall_64+0x60/0xd0\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n RIP: 0033:0x7f00a703fd67\n Code: 25 00 00 41 00 3d 00 00 41 00 74 37 64 8b 04 25 18 00 00 00 85 c0 75 5b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 85 00 00 00 48 83 c4 68 5d 41 5c c3 0f 1f\n RSP: 002b:00007ffc088e30b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101\n RAX: ffffffffffffffda RBX: 00007ffc088e3368 RCX: 00007f00a703fd67\n RDX: 0000000000000941 RSI: 00007ffc088e48d7 RDI: 00000000ffffff9c\n RBP: 00007ffc088e48d7 R08: 0000000000000001 R09: 0000000000000000\n R10: 00000000000001b6 R11: 0000000000000246 R12: 0000000000000941\n R13: 0000000000000000 R14: 00007ffc088e48d7 R15: 00007f00a7180040\n \n\n Allocated by task 181:\n kasan_save_stack+0x2f/0x60\n kasan_set_track+0x29/0x40\n kasan_save_alloc_info+0x25/0x40\n __kasan_kmalloc+0xc5/0xd0\n __kmalloc+0x66/0x160\n ecryptfs_generate_key_packet_set+0x6d2/0xde0\n ecryptfs_write_metadata+0x30a/0x550\n ecryptfs_initialize_file+0x77/0x150\n 
ecryptfs_create+0x1c2/0x2f0\n path_openat+0x17cf/0x1ba0\n do_filp_open+0x15e/0x290\n do_sys_openat2+0x122/0x160\n __x64_sys_openat+0xef/0x170\n do_syscall_64+0x60/0xd0\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8(CVE-2024-38578)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: fix possible dead-lock in nr_rt_ioctl()\n\nsyzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]\n\nMake sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)\n\n[1]\nWARNING: possible circular locking dependency detected\n6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted\n------------------------------------------------------\nsyz-executor350/5129 is trying to acquire lock:\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n\nbut task is already holding lock:\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #1 (nr_node_list_lock){+...}-{2:2}:\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n nr_remove_node net/netrom/nr_route.c:299 [inline]\n nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355\n 
nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n-> #0 (&nr_node->node_lock){+...}-{2:2}:\n check_prev_add kernel/locking/lockdep.c:3134 [inline]\n check_prevs_add kernel/locking/lockdep.c:3253 [inline]\n validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869\n __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n nr_node_lock include/net/netrom.h:152 [inline]\n nr_dec_obs net/netrom/nr_route.c:464 [inline]\n nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(nr_node_list_lock);\n lock(&nr_node->node_lock);\n lock(nr_node_list_lock);\n lock(&nr_node->node_lock);\n\n *** DEADLOCK ***\n\n1 lock held by syz-executor350/5129:\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n #0: ffffffff8f70\n---truncated---(CVE-2024-38589)\n\nIn the Linux 
kernel, the following vulnerability has been resolved:\n\nALSA: timer: Set lower bound of start tick time\n\nCurrently ALSA timer doesn't have the lower limit of the start tick\ntime, and it allows a very small size, e.g. 1 tick with 1ns resolution\nfor hrtimer. Such a situation may lead to an unexpected RCU stall,\nwhere the callback repeatedly queuing the expire update, as reported\nby fuzzer.\n\nThis patch introduces a sanity check of the timer start tick time, so\nthat the system returns an error when a too small start size is set.\nAs of this patch, the lower limit is hard-coded to 100us, which is\nsmall enough but can still work somehow.(CVE-2024-38618)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nusb-storage: alauda: Check whether the media is initialized\n\nThe member \"uzonesize\" of struct alauda_info will remain 0\nif alauda_init_media() fails, potentially causing divide errors\nin alauda_read_data() and alauda_write_lba().\n- Add a member \"media_initialized\" to struct alauda_info.\n- Change a condition in alauda_check_media() to ensure the\n first initialization.\n- Add an error check for the return value of alauda_init_media().(CVE-2024-38619)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\n9p: add missing locking around taking dentry fid list\n\nFix a use-after-free on dentry's d_fsdata fid list when a thread\nlooks up a fid through dentry while another thread unlinks it:\n\nUAF thread:\nrefcount_t: addition on 0; use-after-free.\n p9_fid_get linux/./include/net/9p/client.h:262\n v9fs_fid_find+0x236/0x280 linux/fs/9p/fid.c:129\n v9fs_fid_lookup_with_uid linux/fs/9p/fid.c:181\n v9fs_fid_lookup+0xbf/0xc20 linux/fs/9p/fid.c:314\n v9fs_vfs_getattr_dotl+0xf9/0x360 linux/fs/9p/vfs_inode_dotl.c:400\n vfs_statx+0xdd/0x4d0 linux/fs/stat.c:248\n\nFreed by:\n p9_fid_destroy (inlined)\n p9_client_clunk+0xb0/0xe0 linux/net/9p/client.c:1456\n p9_fid_put linux/./include/net/9p/client.h:278\n 
v9fs_dentry_release+0xb5/0x140 linux/fs/9p/vfs_dentry.c:55\n v9fs_remove+0x38f/0x620 linux/fs/9p/vfs_inode.c:518\n vfs_unlink+0x29a/0x810 linux/fs/namei.c:4335\n\nThe problem is that d_fsdata was not accessed under d_lock, because\nd_release() normally is only called once the dentry is otherwise no\nlonger accessible but since we also call it explicitly in v9fs_remove\nthat lock is required:\nmove the hlist out of the dentry under lock then unref its fids once\nthey are no longer accessible.(CVE-2024-39463)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors\n\nThe error handling in nilfs_empty_dir() when a directory folio/page read\nfails is incorrect, as in the old ext2 implementation, and if the\nfolio/page cannot be read or nilfs_check_folio() fails, it will falsely\ndetermine the directory as empty and corrupt the file system.\n\nIn addition, since nilfs_empty_dir() does not immediately return on a\nfailed folio/page read, but continues to loop, this can cause a long loop\nwith I/O if i_size of the directory's inode is also corrupted, causing the\nlog writer thread to wait and hang, as reported by syzbot.\n\nFix these issues by making nilfs_empty_dir() immediately return a false\nvalue (0) if it fails to get a directory folio/page.(CVE-2024-39469)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix log recovery buffer allocation for the legacy h_size fixup\n\nCommit a70f9fe52daa (\"xfs: detect and handle invalid iclog size set by\nmkfs\") added a fixup for incorrect h_size values used for the initial\numount record in old xfsprogs versions. 
Later commit 0c771b99d6c9\n(\"xfs: clean up calculation of LR header blocks\") cleaned up the log\nreover buffer calculation, but stoped using the fixed up h_size value\nto size the log recovery buffer, which can lead to an out of bounds\naccess when the incorrect h_size does not come from the old mkfs\ntool, but a fuzzer.\n\nFix this by open coding xlog_logrec_hblks and taking the fixed h_size\ninto account for this calculation.(CVE-2024-39472)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l: async: Properly re-initialise notifier entry in unregister\n\nThe notifier_entry of a notifier is not re-initialised after unregistering\nthe notifier. This leads to dangling pointers being left there so use\nlist_del_init() to return the notifier_entry an empty list.(CVE-2024-39485)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nima: Fix use-after-free on a dentry's dname.name\n\n->d_name.name can change on rename and the earlier value can be freed;\nthere are conditions sufficient to stabilize it (->d_lock on dentry,\n->d_lock on its parent, ->i_rwsem exclusive on the parent's inode,\nrename_lock), but none of those are met at any of the sites. 
Take a stable\nsnapshot of the name instead.(CVE-2024-39494)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nvmci: prevent speculation leaks by sanitizing event in event_deliver()\n\nCoverity spotted that event_msg is controlled by user-space,\nevent_msg->event_data.event is passed to event_deliver() and used\nas an index without sanitization.\n\nThis change ensures that the event index is sanitized to mitigate any\npossibility of speculative information leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.\n\nOnly compile tested, no access to HW.(CVE-2024-39499)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/komeda: check for error-valued pointer\n\nkomeda_pipeline_get_state() may return an error-valued pointer, thus\ncheck the pointer for negative or null value before dereferencing.(CVE-2024-39505)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()\n\nThe ieee80211_sta_ps_deliver_wakeup() function takes sta->ps_lock to\nsynchronizes with ieee80211_tx_h_unicast_ps_buf() which is called from\nsoftirq context. However using only spin_lock() to get sta->ps_lock in\nieee80211_sta_ps_deliver_wakeup() does not prevent softirq to execute\non this same CPU, to run ieee80211_tx_h_unicast_ps_buf() and try to\ntake this same lock ending in deadlock. 
Below is an example of rcu stall\nthat arises in such situation.\n\n rcu: INFO: rcu_sched self-detected stall on CPU\n rcu: 2-....: (42413413 ticks this GP) idle=b154/1/0x4000000000000000 softirq=1763/1765 fqs=21206996\n rcu: (t=42586894 jiffies g=2057 q=362405 ncpus=4)\n CPU: 2 PID: 719 Comm: wpa_supplicant Tainted: G W 6.4.0-02158-g1b062f552873 #742\n Hardware name: RPT (r1) (DT)\n pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : queued_spin_lock_slowpath+0x58/0x2d0\n lr : invoke_tx_handlers_early+0x5b4/0x5c0\n sp : ffff00001ef64660\n x29: ffff00001ef64660 x28: ffff000009bc1070 x27: ffff000009bc0ad8\n x26: ffff000009bc0900 x25: ffff00001ef647a8 x24: 0000000000000000\n x23: ffff000009bc0900 x22: ffff000009bc0900 x21: ffff00000ac0e000\n x20: ffff00000a279e00 x19: ffff00001ef646e8 x18: 0000000000000000\n x17: ffff800016468000 x16: ffff00001ef608c0 x15: 0010533c93f64f80\n x14: 0010395c9faa3946 x13: 0000000000000000 x12: 00000000fa83b2da\n x11: 000000012edeceea x10: ffff0000010fbe00 x9 : 0000000000895440\n x8 : 000000000010533c x7 : ffff00000ad8b740 x6 : ffff00000c350880\n x5 : 0000000000000007 x4 : 0000000000000001 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffff00000ac0e0e8\n Call trace:\n queued_spin_lock_slowpath+0x58/0x2d0\n ieee80211_tx+0x80/0x12c\n ieee80211_tx_pending+0x110/0x278\n tasklet_action_common.constprop.0+0x10c/0x144\n tasklet_action+0x20/0x28\n _stext+0x11c/0x284\n ____do_softirq+0xc/0x14\n call_on_irq_stack+0x24/0x34\n do_softirq_own_stack+0x18/0x20\n do_softirq+0x74/0x7c\n __local_bh_enable_ip+0xa0/0xa4\n _ieee80211_wake_txqs+0x3b0/0x4b8\n __ieee80211_wake_queue+0x12c/0x168\n ieee80211_add_pending_skbs+0xec/0x138\n ieee80211_sta_ps_deliver_wakeup+0x2a4/0x480\n ieee80211_mps_sta_status_update.part.0+0xd8/0x11c\n ieee80211_mps_sta_status_update+0x18/0x24\n sta_apply_parameters+0x3bc/0x4c0\n ieee80211_change_station+0x1b8/0x2dc\n nl80211_set_station+0x444/0x49c\n 
genl_family_rcv_msg_doit.isra.0+0xa4/0xfc\n genl_rcv_msg+0x1b0/0x244\n netlink_rcv_skb+0x38/0x10c\n genl_rcv+0x34/0x48\n netlink_unicast+0x254/0x2bc\n netlink_sendmsg+0x190/0x3b4\n ____sys_sendmsg+0x1e8/0x218\n ___sys_sendmsg+0x68/0x8c\n __sys_sendmsg+0x44/0x84\n __arm64_sys_sendmsg+0x20/0x28\n do_el0_svc+0x6c/0xe8\n el0_svc+0x14/0x48\n el0t_64_sync_handler+0xb0/0xb4\n el0t_64_sync+0x14c/0x150\n\nUsing spin_lock_bh()/spin_unlock_bh() instead prevents softirq to raise\non the same CPU that is holding the lock.(CVE-2024-40912)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found\n\nWhen reading EDID fails and driver reports no modes available, the DRM\ncore adds an artificial 1024x786 mode to the connector. Unfortunately\nsome variants of the Exynos HDMI (like the one in Exynos4 SoCs) are not\nable to drive such mode, so report a safe 640x480 mode instead of nothing\nin case of the EDID reading failure.\n\nThis fixes the following issue observed on Trats2 board since commit\n13d5b040363c (\"drm/exynos: do not return negative values from .get_modes()\"):\n\n[drm] Exynos DRM: using 11c00000.fimd device for DMA mapping operations\nexynos-drm exynos-drm: bound 11c00000.fimd (ops fimd_component_ops)\nexynos-drm exynos-drm: bound 12c10000.mixer (ops mixer_component_ops)\nexynos-dsi 11c80000.dsi: [drm:samsung_dsim_host_attach] Attached s6e8aa0 device (lanes:4 bpp:24 mode-flags:0x10b)\nexynos-drm exynos-drm: bound 11c80000.dsi (ops exynos_dsi_component_ops)\nexynos-drm exynos-drm: bound 12d00000.hdmi (ops hdmi_component_ops)\n[drm] Initialized exynos 1.1.0 20180330 for exynos-drm on minor 1\nexynos-hdmi 12d00000.hdmi: [drm:hdmiphy_enable.part.0] *ERROR* PLL could not reach steady state\npanel-samsung-s6e8aa0 11c80000.dsi.0: ID: 0xa2, 0x20, 0x8c\nexynos-mixer 12c10000.mixer: timeout waiting for VSYNC\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 11 at 
drivers/gpu/drm/drm_atomic_helper.c:1682 drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8\n[CRTC:70:crtc-1] vblank wait timed out\nModules linked in:\nCPU: 1 PID: 11 Comm: kworker/u16:0 Not tainted 6.9.0-rc5-next-20240424 #14913\nHardware name: Samsung Exynos (Flattened Device Tree)\nWorkqueue: events_unbound deferred_probe_work_func\nCall trace:\n unwind_backtrace from show_stack+0x10/0x14\n show_stack from dump_stack_lvl+0x68/0x88\n dump_stack_lvl from __warn+0x7c/0x1c4\n __warn from warn_slowpath_fmt+0x11c/0x1a8\n warn_slowpath_fmt from drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8\n drm_atomic_helper_wait_for_vblanks.part.0 from drm_atomic_helper_commit_tail_rpm+0x7c/0x8c\n drm_atomic_helper_commit_tail_rpm from commit_tail+0x9c/0x184\n commit_tail from drm_atomic_helper_commit+0x168/0x190\n drm_atomic_helper_commit from drm_atomic_commit+0xb4/0xe0\n drm_atomic_commit from drm_client_modeset_commit_atomic+0x23c/0x27c\n drm_client_modeset_commit_atomic from drm_client_modeset_commit_locked+0x60/0x1cc\n drm_client_modeset_commit_locked from drm_client_modeset_commit+0x24/0x40\n drm_client_modeset_commit from __drm_fb_helper_restore_fbdev_mode_unlocked+0x9c/0xc4\n __drm_fb_helper_restore_fbdev_mode_unlocked from drm_fb_helper_set_par+0x2c/0x3c\n drm_fb_helper_set_par from fbcon_init+0x3d8/0x550\n fbcon_init from visual_init+0xc0/0x108\n visual_init from do_bind_con_driver+0x1b8/0x3a4\n do_bind_con_driver from do_take_over_console+0x140/0x1ec\n do_take_over_console from do_fbcon_takeover+0x70/0xd0\n do_fbcon_takeover from fbcon_fb_registered+0x19c/0x1ac\n fbcon_fb_registered from register_framebuffer+0x190/0x21c\n register_framebuffer from __drm_fb_helper_initial_config_and_unlock+0x350/0x574\n __drm_fb_helper_initial_config_and_unlock from exynos_drm_fbdev_client_hotplug+0x6c/0xb0\n exynos_drm_fbdev_client_hotplug from drm_client_register+0x58/0x94\n drm_client_register from exynos_drm_bind+0x160/0x190\n exynos_drm_bind from 
try_to_bring_up_aggregate_device+0x200/0x2d8\n try_to_bring_up_aggregate_device from __component_add+0xb0/0x170\n __component_add from mixer_probe+0x74/0xcc\n mixer_probe from platform_probe+0x5c/0xb8\n platform_probe from really_probe+0xe0/0x3d8\n really_probe from __driver_probe_device+0x9c/0x1e4\n __driver_probe_device from driver_probe_device+0x30/0xc0\n driver_probe_device from __device_attach_driver+0xa8/0x120\n __device_attach_driver from bus_for_each_drv+0x80/0xcc\n bus_for_each_drv from __device_attach+0xac/0x1fc\n __device_attach from bus_probe_device+0x8c/0x90\n bus_probe_device from deferred_probe_work_func+0\n---truncated---(CVE-2024-40916)\n\nIn the Linux kernel, the following vulnerability has been resolved: parisc: Try to fix random segmentation faults in package builds PA-RISC systems with PA8800 and PA8900 processors have had problems with random segmentation faults for many years. Systems with earlier processors are much more stable. Systems with PA8800 and PA8900 processors have a large L2 cache which needs per page flushing for decent performance when a large range is flushed. The combined cache in these systems is also more sensitive to non-equivalent aliases than the caches in earlier systems. The majority of random segmentation faults that I have looked at appear to be memory corruption in memory allocated using mmap and malloc. My first attempt at fixing the random faults didn't work. On reviewing the cache code, I realized that there were two issues which the existing code didn't handle correctly. Both relate to cache move-in. Another issue is that the present bit in PTEs is racy. 1) PA-RISC caches have a mind of their own and they can speculatively load data and instructions for a page as long as there is a entry in the TLB for the page which allows move-in. TLBs are local to each CPU. Thus, the TLB entry for a page must be purged before flushing the page. This is particularly important on SMP systems. 
In some of the flush routines, the flush routine would be called and then the TLB entry would be purged. This was because the flush routine needed the TLB entry to do the flush. 2) My initial approach to trying the fix the random faults was to try and use flush_cache_page_if_present for all flush operations. This actually made things worse and led to a couple of hardware lockups. It finally dawned on me that some lines weren't being flushed because the pte check code was racy. This resulted in random inequivalent mappings to physical pages. The __flush_cache_page tmpalias flush sets up its own TLB entry and it doesn't need the existing TLB entry. As long as we can find the pte pointer for the vm page, we can get the pfn and physical address of the page. We can also purge the TLB entry for the page before doing the flush. Further, __flush_cache_page uses a special TLB entry that inhibits cache move-in. When switching page mappings, we need to ensure that lines are removed from the cache. It is not sufficient to just flush the lines to memory as they may come back. This made it clear that we needed to implement all the required flush operations using tmpalias routines. This includes flushes for user and kernel pages. After modifying the code to use tmpalias flushes, it became clear that the random segmentation faults were not fully resolved. The frequency of faults was worse on systems with a 64 MB L2 (PA8900) and systems with more CPUs (rp4440). The warning that I added to flush_cache_page_if_present to detect pages that couldn't be flushed triggered frequently on some systems. Helge and I looked at the pages that couldn't be flushed and found that the PTE was either cleared or for a swap page. Ignoring pages that were swapped out seemed okay but pages with cleared PTEs seemed problematic. I looked at routines related to pte_clear and noticed ptep_clear_flush. The default implementation just flushes the TLB entry. 
However, it was obvious that on parisc we need to flush the cache page as well. If we don't flush the cache page, stale lines will be left in the cache and cause random corruption. Once a PTE is cleared, there is no way to find the physical address associated with the PTE and flush the associated page at a later time. I implemented an updated change with a parisc specific version of ptep_clear_flush. It fixed the random data corruption on Helge's rp4440 and rp3440, as well as on my c8000. At this point, I realized that I could restore the code where we only flush in flush_cache_page_if_present if the page has been accessed. However, for this, we also need to flush the cache when the accessed bit is cleared in ---truncated---(CVE-2024-40918)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nvmxnet3: disable rx data ring on dma allocation failure\n\nWhen vmxnet3_rq_create() fails to allocate memory for rq->data_ring.base,\nthe subsequent call to vmxnet3_rq_destroy_all_rxdataring does not reset\nrq->data_ring.desc_size for the data ring that failed, which presumably\ncauses the hypervisor to reference it on packet reception.\n\nTo fix this bug, rq->data_ring.desc_size needs to be set to 0 to tell\nthe hypervisor to disable this feature.\n\n[ 95.436876] kernel BUG at net/core/skbuff.c:207!\n[ 95.439074] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[ 95.440411] CPU: 7 PID: 0 Comm: swapper/7 Not tainted 6.9.3-dirty #1\n[ 95.441558] Hardware name: VMware, Inc. 
VMware Virtual\nPlatform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018\n[ 95.443481] RIP: 0010:skb_panic+0x4d/0x4f\n[ 95.444404] Code: 4f 70 50 8b 87 c0 00 00 00 50 8b 87 bc 00 00 00 50\nff b7 d0 00 00 00 4c 8b 8f c8 00 00 00 48 c7 c7 68 e8 be 9f e8 63 58 f9\nff <0f> 0b 48 8b 14 24 48 c7 c1 d0 73 65 9f e8 a1 ff ff ff 48 8b 14 24\n[ 95.447684] RSP: 0018:ffffa13340274dd0 EFLAGS: 00010246\n[ 95.448762] RAX: 0000000000000089 RBX: ffff8fbbc72b02d0 RCX: 000000000000083f\n[ 95.450148] RDX: 0000000000000000 RSI: 00000000000000f6 RDI: 000000000000083f\n[ 95.451520] RBP: 000000000000002d R08: 0000000000000000 R09: ffffa13340274c60\n[ 95.452886] R10: ffffffffa04ed468 R11: 0000000000000002 R12: 0000000000000000\n[ 95.454293] R13: ffff8fbbdab3c2d0 R14: ffff8fbbdbd829e0 R15: ffff8fbbdbd809e0\n[ 95.455682] FS: 0000000000000000(0000) GS:ffff8fbeefd80000(0000) knlGS:0000000000000000\n[ 95.457178] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 95.458340] CR2: 00007fd0d1f650c8 CR3: 0000000115f28000 CR4: 00000000000406f0\n[ 95.459791] Call Trace:\n[ 95.460515] \n[ 95.461180] ? __die_body.cold+0x19/0x27\n[ 95.462150] ? die+0x2e/0x50\n[ 95.462976] ? do_trap+0xca/0x110\n[ 95.463973] ? do_error_trap+0x6a/0x90\n[ 95.464966] ? skb_panic+0x4d/0x4f\n[ 95.465901] ? exc_invalid_op+0x50/0x70\n[ 95.466849] ? skb_panic+0x4d/0x4f\n[ 95.467718] ? asm_exc_invalid_op+0x1a/0x20\n[ 95.468758] ? 
skb_panic+0x4d/0x4f\n[ 95.469655] skb_put.cold+0x10/0x10\n[ 95.470573] vmxnet3_rq_rx_complete+0x862/0x11e0 [vmxnet3]\n[ 95.471853] vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3]\n[ 95.473185] __napi_poll+0x2b/0x160\n[ 95.474145] net_rx_action+0x2c6/0x3b0\n[ 95.475115] handle_softirqs+0xe7/0x2a0\n[ 95.476122] __irq_exit_rcu+0x97/0xb0\n[ 95.477109] common_interrupt+0x85/0xa0\n[ 95.478102] \n[ 95.478846] \n[ 95.479603] asm_common_interrupt+0x26/0x40\n[ 95.480657] RIP: 0010:pv_native_safe_halt+0xf/0x20\n[ 95.481801] Code: 22 d7 e9 54 87 01 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 93 ba 3b 00 fb f4 2c 87 01 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90\n[ 95.485563] RSP: 0018:ffffa133400ffe58 EFLAGS: 00000246\n[ 95.486882] RAX: 0000000000004000 RBX: ffff8fbbc1d14064 RCX: 0000000000000000\n[ 95.488477] RDX: ffff8fbeefd80000 RSI: ffff8fbbc1d14000 RDI: 0000000000000001\n[ 95.490067] RBP: ffff8fbbc1d14064 R08: ffffffffa0652260 R09: 00000000000010d3\n[ 95.491683] R10: 0000000000000018 R11: ffff8fbeefdb4764 R12: ffffffffa0652260\n[ 95.493389] R13: ffffffffa06522e0 R14: 0000000000000001 R15: 0000000000000000\n[ 95.495035] acpi_safe_halt+0x14/0x20\n[ 95.496127] acpi_idle_do_entry+0x2f/0x50\n[ 95.497221] acpi_idle_enter+0x7f/0xd0\n[ 95.498272] cpuidle_enter_state+0x81/0x420\n[ 95.499375] cpuidle_enter+0x2d/0x40\n[ 95.500400] do_idle+0x1e5/0x240\n[ 95.501385] cpu_startup_entry+0x29/0x30\n[ 95.502422] start_secondary+0x11c/0x140\n[ 95.503454] common_startup_64+0x13e/0x141\n[ 95.504466] \n[ 95.505197] Modules linked in: nft_fib_inet nft_fib_ipv4\nnft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6\nnft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ip\n---truncated---(CVE-2024-40923)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: check n_ssids before accessing the ssids\n\nIn some versions of cfg80211, the ssids poinet might be a valid one even\nthough n_ssids 
is 0. Accessing the pointer in this case will cuase an\nout-of-bound access. Fix this by checking n_ssids first.(CVE-2024-40929)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos/vidi: fix memory leak in .get_modes()\n\nThe duplicated EDID is never freed. Fix it.(CVE-2024-40932)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ncxl/region: Fix memregion leaks in devm_cxl_add_region()\n\nMove the mode verification to __create_region() before allocating the\nmemregion to avoid the memregion leaks.(CVE-2024-40936)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don't read past the mfuart notifcation\n\nIn case the firmware sends a notification that claims it has more data\nthan it has, we will read past that was allocated for the notification.\nRemove the print of the buffer, we won't see it by default. If needed,\nwe can see the content with tracing.\n\nThis was reported by KFENCE.(CVE-2024-40941)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix races between hole punching and AIO+DIO\n\nAfter commit \"ocfs2: return real error code in ocfs2_dio_wr_get_block\",\nfstests/generic/300 become from always failed to sometimes failed:\n\n========================================================================\n[ 473.293420 ] run fstests generic/300\n\n[ 475.296983 ] JBD2: Ignoring recovery information on journal\n[ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode.\n[ 494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found\n[ 494.291609 ] On-disk corruption discovered. 
Please run fsck.ocfs2 once the filesystem is unmounted.\n[ 494.292018 ] OCFS2: File system is now read-only.\n[ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30\n[ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3\nfio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072\n=========================================================================\n\nIn __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten\nextents to a list. extents are also inserted into extent tree in\nocfs2_write_begin_nolock. Then another thread call fallocate to puch a\nhole at one of the unwritten extent. The extent at cpos was removed by\nocfs2_remove_extent(). At end io worker thread, ocfs2_search_extent_list\nfound there is no such extent at the cpos.\n\n T1 T2 T3\n inode lock\n ...\n insert extents\n ...\n inode unlock\nocfs2_fallocate\n __ocfs2_change_file_space\n inode lock\n lock ip_alloc_sem\n ocfs2_remove_inode_range inode\n ocfs2_remove_btree_range\n ocfs2_remove_extent\n ^---remove the extent at cpos 78723\n ...\n unlock ip_alloc_sem\n inode unlock\n ocfs2_dio_end_io\n ocfs2_dio_end_io_write\n lock ip_alloc_sem\n ocfs2_mark_extent_written\n ocfs2_change_extent_flag\n ocfs2_search_extent_list\n ^---failed to find extent\n ...\n unlock ip_alloc_sem\n\nIn most filesystems, fallocate is not compatible with racing with AIO+DIO,\nso fix it by adding to wait for all dio before fallocate/punch_hole like\next4.(CVE-2024-40943)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix NULL pointer dereference in ocfs2_abort_trigger()\n\nbdev->bd_super has been removed and commit 8887b94d9322 change the usage\nfrom bdev->bd_super to b_assoc_map->host->i_sb. 
Since ocfs2 hasn't set\nbh->b_assoc_map, it will trigger NULL pointer dereference when calling\ninto ocfs2_abort_trigger().\n\nActually this was pointed out in history, see commit 74e364ad1b13. But\nI've made a mistake when reviewing commit 8887b94d9322 and then\nre-introduce this regression.\n\nSince we cannot revive bdev in buffer head, so fix this issue by\ninitializing all types of ocfs2 triggers when fill super, and then get the\nspecific ocfs2 trigger from ocfs2_caching_info when access journal.\n\n[joseph.qi@linux.alibaba.com: v2]\n Link: https://lkml.kernel.org/r/20240602112045.1112708-1-joseph.qi@linux.alibaba.com(CVE-2024-40951)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix NULL pointer dereference in ocfs2_journal_dirty()\n\nbdev->bd_super has been removed and commit 8887b94d9322 change the usage\nfrom bdev->bd_super to b_assoc_map->host->i_sb. This introduces the\nfollowing NULL pointer dereference in ocfs2_journal_dirty() since\nb_assoc_map is still not initialized. This can be easily reproduced by\nrunning xfstests generic/186, which simulate no more credits.\n\n[ 134.351592] BUG: kernel NULL pointer dereference, address: 0000000000000000\n...\n[ 134.355341] RIP: 0010:ocfs2_journal_dirty+0x14f/0x160 [ocfs2]\n...\n[ 134.365071] Call Trace:\n[ 134.365312] \n[ 134.365524] ? __die_body+0x1e/0x60\n[ 134.365868] ? page_fault_oops+0x13d/0x4f0\n[ 134.366265] ? __pfx_bit_wait_io+0x10/0x10\n[ 134.366659] ? schedule+0x27/0xb0\n[ 134.366981] ? exc_page_fault+0x6a/0x140\n[ 134.367356] ? asm_exc_page_fault+0x26/0x30\n[ 134.367762] ? ocfs2_journal_dirty+0x14f/0x160 [ocfs2]\n[ 134.368305] ? 
ocfs2_journal_dirty+0x13d/0x160 [ocfs2]\n[ 134.368837] ocfs2_create_new_meta_bhs.isra.51+0x139/0x2e0 [ocfs2]\n[ 134.369454] ocfs2_grow_tree+0x688/0x8a0 [ocfs2]\n[ 134.369927] ocfs2_split_and_insert.isra.67+0x35c/0x4a0 [ocfs2]\n[ 134.370521] ocfs2_split_extent+0x314/0x4d0 [ocfs2]\n[ 134.371019] ocfs2_change_extent_flag+0x174/0x410 [ocfs2]\n[ 134.371566] ocfs2_add_refcount_flag+0x3fa/0x630 [ocfs2]\n[ 134.372117] ocfs2_reflink_remap_extent+0x21b/0x4c0 [ocfs2]\n[ 134.372994] ? inode_update_timestamps+0x4a/0x120\n[ 134.373692] ? __pfx_ocfs2_journal_access_di+0x10/0x10 [ocfs2]\n[ 134.374545] ? __pfx_ocfs2_journal_access_di+0x10/0x10 [ocfs2]\n[ 134.375393] ocfs2_reflink_remap_blocks+0xe4/0x4e0 [ocfs2]\n[ 134.376197] ocfs2_remap_file_range+0x1de/0x390 [ocfs2]\n[ 134.376971] ? security_file_permission+0x29/0x50\n[ 134.377644] vfs_clone_file_range+0xfe/0x320\n[ 134.378268] ioctl_file_clone+0x45/0xa0\n[ 134.378853] do_vfs_ioctl+0x457/0x990\n[ 134.379422] __x64_sys_ioctl+0x6e/0xd0\n[ 134.379987] do_syscall_64+0x5d/0x170\n[ 134.380550] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 134.381231] RIP: 0033:0x7fa4926397cb\n[ 134.381786] Code: 73 01 c3 48 8b 0d bd 56 38 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8d 56 38 00 f7 d8 64 89 01 48\n[ 134.383930] RSP: 002b:00007ffc2b39f7b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n[ 134.384854] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fa4926397cb\n[ 134.385734] RDX: 00007ffc2b39f7f0 RSI: 000000004020940d RDI: 0000000000000003\n[ 134.386606] RBP: 0000000000000000 R08: 00111a82a4f015bb R09: 00007fa494221000\n[ 134.387476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n[ 134.388342] R13: 0000000000f10000 R14: 0000558e844e2ac8 R15: 0000000000f10000\n[ 134.389207] \n\nFix it by only aborting transaction and journal in ocfs2_journal_dirty()\nnow, and leave ocfs2_abort() later when detecting an aborted handle,\ne.g. 
start next transaction. Also log the handle details in this case.(CVE-2024-40952)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nseg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors\n\ninput_action_end_dx4() and input_action_end_dx6() are called NF_HOOK() for\nPREROUTING hook, in PREROUTING hook, we should passing a valid indev,\nand a NULL outdev to NF_HOOK(), otherwise may trigger a NULL pointer\ndereference, as below:\n\n [74830.647293] BUG: kernel NULL pointer dereference, address: 0000000000000090\n [74830.655633] #PF: supervisor read access in kernel mode\n [74830.657888] #PF: error_code(0x0000) - not-present page\n [74830.659500] PGD 0 P4D 0\n [74830.660450] Oops: 0000 [#1] PREEMPT SMP PTI\n ...\n [74830.664953] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\n [74830.666569] RIP: 0010:rpfilter_mt+0x44/0x15e [ipt_rpfilter]\n ...\n [74830.689725] Call Trace:\n [74830.690402] \n [74830.690953] ? show_trace_log_lvl+0x1c4/0x2df\n [74830.692020] ? show_trace_log_lvl+0x1c4/0x2df\n [74830.693095] ? ipt_do_table+0x286/0x710 [ip_tables]\n [74830.694275] ? __die_body.cold+0x8/0xd\n [74830.695205] ? page_fault_oops+0xac/0x140\n [74830.696244] ? exc_page_fault+0x62/0x150\n [74830.697225] ? asm_exc_page_fault+0x22/0x30\n [74830.698344] ? rpfilter_mt+0x44/0x15e [ipt_rpfilter]\n [74830.699540] ipt_do_table+0x286/0x710 [ip_tables]\n [74830.700758] ? ip6_route_input+0x19d/0x240\n [74830.701752] nf_hook_slow+0x3f/0xb0\n [74830.702678] input_action_end_dx4+0x19b/0x1e0\n [74830.703735] ? 
input_action_end_t+0xe0/0xe0\n [74830.704734] seg6_local_input_core+0x2d/0x60\n [74830.705782] lwtunnel_input+0x5b/0xb0\n [74830.706690] __netif_receive_skb_one_core+0x63/0xa0\n [74830.707825] process_backlog+0x99/0x140\n [74830.709538] __napi_poll+0x2c/0x160\n [74830.710673] net_rx_action+0x296/0x350\n [74830.711860] __do_softirq+0xcb/0x2ac\n [74830.713049] do_softirq+0x63/0x90\n\ninput_action_end_dx4() passing a NULL indev to NF_HOOK(), and finally\ntrigger a NULL dereference in rpfilter_mt()->rpfilter_is_loopback():\n\n static bool\n rpfilter_is_loopback(const struct sk_buff *skb,\n \t const struct net_device *in)\n {\n // in is NULL\n return skb->pkt_type == PACKET_LOOPBACK ||\n \t in->flags & IFF_LOOPBACK;\n }(CVE-2024-40957)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: Octeon: Add PCIe link status check\n\nThe standard PCIe configuration read-write interface is used to\naccess the configuration space of the peripheral PCIe devices\nof the mips processor after the PCIe link surprise down, it can\ngenerate kernel panic caused by \"Data bus error\". So it is\nnecessary to add PCIe link status check for system protection.\nWhen the PCIe link is down or in training, assigning a value\nof 0 to the configuration address can prevent read-write behavior\nto the configuration space of peripheral PCIe devices, thereby\npreventing kernel panic.(CVE-2024-40968)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Enforce hcall result buffer validity and size\n\nplpar_hcall(), plpar_hcall9(), and related functions expect callers to\nprovide valid result buffers of certain minimum size. 
Currently this\nis communicated only through comments in the code and the compiler has\nno idea.\n\nFor example, if I write a bug like this:\n\n long retbuf[PLPAR_HCALL_BUFSIZE]; // should be PLPAR_HCALL9_BUFSIZE\n plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf, ...);\n\nThis compiles with no diagnostics emitted, but likely results in stack\ncorruption at runtime when plpar_hcall9() stores results past the end\nof the array. (To be clear this is a contrived example and I have not\nfound a real instance yet.)\n\nTo make this class of error less likely, we can use explicitly-sized\narray parameters instead of pointers in the declarations for the hcall\nAPIs. When compiled with -Warray-bounds[1], the code above now\nprovokes a diagnostic like this:\n\nerror: array argument is too small;\nis of size 32, callee requires at least 72 [-Werror,-Warray-bounds]\n 60 | plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf,\n | ^ ~~~~~~\n\n[1] Enabled for LLVM builds but not GCC for now. See commit\n 0da6e5fd6c37 (\"gcc: disable '-Warray-bounds' for gcc-13 too\") and\n related changes.(CVE-2024-40974)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: x86-android-tablets: Unregister devices in reverse order\n\nNot all subsystems support a device getting removed while there are\nstill consumers of the device with a reference to the device.\n\nOne example of this is the regulator subsystem. If a regulator gets\nunregistered while there are still drivers holding a reference\na WARN() at drivers/regulator/core.c:5829 triggers, e.g.:\n\n WARNING: CPU: 1 PID: 1587 at drivers/regulator/core.c:5829 regulator_unregister\n Hardware name: Intel Corp. 
VALLEYVIEW C0 PLATFORM/BYT-T FFD8, BIOS BLADE_21.X64.0005.R00.1504101516 FFD8_X64_R_2015_04_10_1516 04/10/2015\n RIP: 0010:regulator_unregister\n Call Trace:\n \n regulator_unregister\n devres_release_group\n i2c_device_remove\n device_release_driver_internal\n bus_remove_device\n device_del\n device_unregister\n x86_android_tablet_remove\n\nOn the Lenovo Yoga Tablet 2 series the bq24190 charger chip also provides\na 5V boost converter output for powering USB devices connected to the micro\nUSB port, the bq24190-charger driver exports this as a Vbus regulator.\n\nOn the 830 (8\") and 1050 (\"10\") models this regulator is controlled by\na platform_device and x86_android_tablet_remove() removes platform_device-s\nbefore i2c_clients so the consumer gets removed first.\n\nBut on the 1380 (13\") model there is a lc824206xa micro-USB switch\nconnected over I2C and the extcon driver for that controls the regulator.\nThe bq24190 i2c-client *must* be registered first, because that creates\nthe regulator with the lc824206xa listed as its consumer. If the regulator\nhas not been registered yet the lc824206xa driver will end up getting\na dummy regulator.\n\nSince in this case both the regulator provider and consumer are I2C\ndevices, the only way to ensure that the consumer is unregistered first\nis to unregister the I2C devices in reverse order of in which they were\ncreated.\n\nFor consistency and to avoid similar problems in the future change\nx86_android_tablet_remove() to unregister all device types in reverse\norder.(CVE-2024-40975)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921s: fix potential hung tasks during chip recovery\n\nDuring chip recovery (e.g. 
chip reset), there is a possible situation that\nkernel worker reset_work is holding the lock and waiting for kernel thread\nstat_worker to be parked, while stat_worker is waiting for the release of\nthe same lock.\nIt causes a deadlock resulting in the dumping of hung tasks messages and\npossible rebooting of the device.\n\nThis patch prevents the execution of stat_worker during the chip recovery.(CVE-2024-40977)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ntipc: force a dst refcount before doing decryption\n\nAs it says in commit 3bc07321ccc2 (\"xfrm: Force a dst refcount before\nentering the xfrm type handlers\"):\n\n\"Crypto requests might return asynchronous. In this case we leave the\n rcu protected region, so force a refcount on the skb's destination\n entry before we enter the xfrm type input/output handlers.\"\n\nOn TIPC decryption path it has the same problem, and skb_dst_force()\nshould be called before doing decryption to avoid a possible crash.\n\nShuang reported this issue when this warning is triggered:\n\n [] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n [] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug\n [] Workqueue: crypto cryptd_queue_worker\n [] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n [] Call Trace:\n [] tipc_sk_mcast_rcv+0x548/0xea0 [tipc]\n [] tipc_rcv+0xcf5/0x1060 [tipc]\n [] tipc_aead_decrypt_done+0x215/0x2e0 [tipc]\n [] cryptd_aead_crypt+0xdb/0x190\n [] cryptd_queue_worker+0xed/0x190\n [] process_one_work+0x93d/0x17e0(CVE-2024-40983)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Revert \"ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.\"\n\nUndo the modifications made in commit d410ee5109a1 (\"ACPICA: avoid\n\"Info: mapping multiple BARs. Your kernel is fine.\"\"). 
The initial\npurpose of this commit was to stop memory mappings for operation\nregions from overlapping page boundaries, as it can trigger warnings\nif different page attributes are present.\n\nHowever, it was found that when this situation arises, mapping\ncontinues until the boundary's end, but there is still an attempt to\nread/write the entire length of the map, leading to a NULL pointer\ndeference. For example, if a four-byte mapping request is made but\nonly one byte is mapped because it hits the current page boundary's\nend, a four-byte read/write attempt is still made, resulting in a NULL\npointer deference.\n\nInstead, map the entire length, as the ACPI specification does not\nmandate that it must be within the same page boundary. It is\npermissible for it to be mapped across different regions.(CVE-2024-40984)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix UBSAN warning in kv_dpm.c\n\nAdds bounds check for sumo_vid_mapping_entry.(CVE-2024-40987)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Build event generation tests only as modules\n\nThe kprobes and synth event generation test modules add events and lock\n(get a reference) those event file reference in module init function,\nand unlock and delete it in module exit function. This is because those\nare designed for playing as modules.\n\nIf we make those modules as built-in, those events are left locked in the\nkernel, and never be removed. 
This causes kprobe event self-test failure\nas below.\n\n[ 97.349708] ------------[ cut here ]------------\n[ 97.353453] WARNING: CPU: 3 PID: 1 at kernel/trace/trace_kprobe.c:2133 kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.357106] Modules linked in:\n[ 97.358488] CPU: 3 PID: 1 Comm: swapper/0 Not tainted 6.9.0-g699646734ab5-dirty #14\n[ 97.361556] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n[ 97.363880] RIP: 0010:kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.365538] Code: a8 24 08 82 e9 ae fd ff ff 90 0f 0b 90 48 c7 c7 e5 aa 0b 82 e9 ee fc ff ff 90 0f 0b 90 48 c7 c7 2d 61 06 82 e9 8e fd ff ff 90 <0f> 0b 90 48 c7 c7 33 0b 0c 82 89 c6 e8 6e 03 1f ff 41 ff c7 e9 90\n[ 97.370429] RSP: 0000:ffffc90000013b50 EFLAGS: 00010286\n[ 97.371852] RAX: 00000000fffffff0 RBX: ffff888005919c00 RCX: 0000000000000000\n[ 97.373829] RDX: ffff888003f40000 RSI: ffffffff8236a598 RDI: ffff888003f40a68\n[ 97.375715] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n[ 97.377675] R10: ffffffff811c9ae5 R11: ffffffff8120c4e0 R12: 0000000000000000\n[ 97.379591] R13: 0000000000000001 R14: 0000000000000015 R15: 0000000000000000\n[ 97.381536] FS: 0000000000000000(0000) GS:ffff88807dcc0000(0000) knlGS:0000000000000000\n[ 97.383813] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 97.385449] CR2: 0000000000000000 CR3: 0000000002244000 CR4: 00000000000006b0\n[ 97.387347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 97.389277] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 97.391196] Call Trace:\n[ 97.391967] \n[ 97.392647] ? __warn+0xcc/0x180\n[ 97.393640] ? kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.395181] ? report_bug+0xbd/0x150\n[ 97.396234] ? handle_bug+0x3e/0x60\n[ 97.397311] ? exc_invalid_op+0x1a/0x50\n[ 97.398434] ? asm_exc_invalid_op+0x1a/0x20\n[ 97.399652] ? trace_kprobe_is_busy+0x20/0x20\n[ 97.400904] ? tracing_reset_all_online_cpus+0x15/0x90\n[ 97.402304] ? 
kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.403773] ? init_kprobe_trace+0x50/0x50\n[ 97.404972] do_one_initcall+0x112/0x240\n[ 97.406113] do_initcall_level+0x95/0xb0\n[ 97.407286] ? kernel_init+0x1a/0x1a0\n[ 97.408401] do_initcalls+0x3f/0x70\n[ 97.409452] kernel_init_freeable+0x16f/0x1e0\n[ 97.410662] ? rest_init+0x1f0/0x1f0\n[ 97.411738] kernel_init+0x1a/0x1a0\n[ 97.412788] ret_from_fork+0x39/0x50\n[ 97.413817] ? rest_init+0x1f0/0x1f0\n[ 97.414844] ret_from_fork_asm+0x11/0x20\n[ 97.416285] \n[ 97.417134] irq event stamp: 13437323\n[ 97.418376] hardirqs last enabled at (13437337): [] console_unlock+0x11c/0x150\n[ 97.421285] hardirqs last disabled at (13437370): [] console_unlock+0x101/0x150\n[ 97.423838] softirqs last enabled at (13437366): [] handle_softirqs+0x23f/0x2a0\n[ 97.426450] softirqs last disabled at (13437393): [] __irq_exit_rcu+0x66/0xd0\n[ 97.428850] ---[ end trace 0000000000000000 ]---\n\nAnd also, since we can not cleanup dynamic_event file, ftracetest are\nfailed too.\n\nTo avoid these issues, build these tests only as modules.(CVE-2024-41004)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnetpoll: Fix race condition in netpoll_owner_active\n\nKCSAN detected a race condition in netpoll:\n\n\tBUG: KCSAN: data-race in net_rx_action / netpoll_send_skb\n\twrite (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:\n\tnet_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)\n\n\tread to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:\n\tnetpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)\n\tnetpoll_send_udp (net/core/netpoll.c:?)\n\n\tvalue changed: 0x0000000a -> 0xffffffff\n\nThis happens because netpoll_owner_active() needs to check if the\ncurrent CPU is the owner of the lock, touching napi->poll_owner\nnon atomically. 
The ->poll_owner field contains the current CPU holding\nthe lock.\n\nUse an atomic read to check if the poll owner is the current CPU.(CVE-2024-41005)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ntcp: avoid too many retransmit packets\n\nIf a TCP socket is using TCP_USER_TIMEOUT, and the other peer\nretracted its window to zero, tcp_retransmit_timer() can\nretransmit a packet every two jiffies (2 ms for HZ=1000),\nfor about 4 minutes after TCP_USER_TIMEOUT has 'expired'.\n\nThe fix is to make sure tcp_rtx_probe0_timed_out() takes\nicsk->icsk_user_timeout into account.\n\nBefore blamed commit, the socket would not timeout after\nicsk->icsk_user_timeout, but would use standard exponential\nbackoff for the retransmits.\n\nAlso worth noting that before commit e89688e3e978 (\"net: tcp:\nfix unexcepted socket die when snd_wnd is 0\"), the issue\nwould last 2 minutes instead of 4.(CVE-2024-41007)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix overrunning reservations in ringbuf\n\nThe BPF ring buffer internally is implemented as a power-of-2 sized circular\nbuffer, with two logical and ever-increasing counters: consumer_pos is the\nconsumer counter to show which logical position the consumer consumed the\ndata, and producer_pos which is the producer counter denoting the amount of\ndata reserved by all producers.\n\nEach time a record is reserved, the producer that \"owns\" the record will\nsuccessfully advance producer counter. In user space each time a record is\nread, the consumer of the data advanced the consumer counter once it finished\nprocessing. 
Both counters are stored in separate pages so that from user\nspace, the producer counter is read-only and the consumer counter is read-write.\n\nOne aspect that simplifies and thus speeds up the implementation of both\nproducers and consumers is how the data area is mapped twice contiguously\nback-to-back in the virtual memory, allowing to not take any special measures\nfor samples that have to wrap around at the end of the circular buffer data\narea, because the next page after the last data page would be first data page\nagain, and thus the sample will still appear completely contiguous in virtual\nmemory.\n\nEach record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for\nbook-keeping the length and offset, and is inaccessible to the BPF program.\nHelpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`\nfor the BPF program to use. Bing-Jhong and Muhammad reported that it is however\npossible to make a second allocated memory chunk overlapping with the first\nchunk and as a result, the BPF program is now able to edit first chunk's\nheader.\n\nFor example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size\nof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to\nbpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in\n[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets\nallocate a chunk B with size 0x3000. This will succeed because consumer_pos\nwas edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`\ncheck. Chunk B will be in range [0x3008,0x6010], and the BPF program is able\nto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned\nearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data\npages. This means that chunk B at [0x4000,0x4008] is chunk A's header.\nbpf_ringbuf_submit() / bpf_ringbuf_discard() use the header's pg_off to then\nlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). 
Once chunk\nB modified chunk A's header, then bpf_ringbuf_commit() refers to the wrong\npage and could cause a crash.\n\nFix it by calculating the oldest pending_pos and check whether the range\nfrom the oldest outstanding record to the newest would span beyond the ring\nbuffer size. If that is the case, then reject the request. We've tested with\nthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)\nbefore/after the fix and while it seems a bit slower on some benchmarks, it\nis still not significantly enough to matter.(CVE-2024-41009)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for kernel is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Critical", + "category":"general", + "title":"Severity" + }, + { + "text":"kernel", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1897", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + }, + { + "summary":"CVE-2024-34030", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-34030&packageName=kernel" + }, + { + "summary":"CVE-2024-36014", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36014&packageName=kernel" + }, + { + "summary":"CVE-2024-36016", + "category":"self", + 
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36016&packageName=kernel" + }, + { + "summary":"CVE-2024-36031", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36031&packageName=kernel" + }, + { + "summary":"CVE-2024-36881", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36881&packageName=kernel" + }, + { + "summary":"CVE-2024-36939", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36939&packageName=kernel" + }, + { + "summary":"CVE-2024-36979", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36979&packageName=kernel" + }, + { + "summary":"CVE-2024-38559", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38559&packageName=kernel" + }, + { + "summary":"CVE-2024-38578", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38578&packageName=kernel" + }, + { + "summary":"CVE-2024-38589", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38589&packageName=kernel" + }, + { + "summary":"CVE-2024-38618", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38618&packageName=kernel" + }, + { + "summary":"CVE-2024-38619", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38619&packageName=kernel" + }, + { + "summary":"CVE-2024-39463", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39463&packageName=kernel" + }, + { + "summary":"CVE-2024-39469", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39469&packageName=kernel" + }, + { + "summary":"CVE-2024-39472", + "category":"self", + 
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39472&packageName=kernel" + }, + { + "summary":"CVE-2024-39485", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39485&packageName=kernel" + }, + { + "summary":"CVE-2024-39494", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39494&packageName=kernel" + }, + { + "summary":"CVE-2024-39499", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39499&packageName=kernel" + }, + { + "summary":"CVE-2024-39505", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39505&packageName=kernel" + }, + { + "summary":"CVE-2024-40912", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40912&packageName=kernel" + }, + { + "summary":"CVE-2024-40916", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40916&packageName=kernel" + }, + { + "summary":"CVE-2024-40918", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40918&packageName=kernel" + }, + { + "summary":"CVE-2024-40923", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40923&packageName=kernel" + }, + { + "summary":"CVE-2024-40929", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40929&packageName=kernel" + }, + { + "summary":"CVE-2024-40932", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40932&packageName=kernel" + }, + { + "summary":"CVE-2024-40936", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40936&packageName=kernel" + }, + { + "summary":"CVE-2024-40941", + "category":"self", + 
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40941&packageName=kernel" + }, + { + "summary":"CVE-2024-40943", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40943&packageName=kernel" + }, + { + "summary":"CVE-2024-40951", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40951&packageName=kernel" + }, + { + "summary":"CVE-2024-40952", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40952&packageName=kernel" + }, + { + "summary":"CVE-2024-40957", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40957&packageName=kernel" + }, + { + "summary":"CVE-2024-40968", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40968&packageName=kernel" + }, + { + "summary":"CVE-2024-40974", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40974&packageName=kernel" + }, + { + "summary":"CVE-2024-40975", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40975&packageName=kernel" + }, + { + "summary":"CVE-2024-40977", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40977&packageName=kernel" + }, + { + "summary":"CVE-2024-40983", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40983&packageName=kernel" + }, + { + "summary":"CVE-2024-40984", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40984&packageName=kernel" + }, + { + "summary":"CVE-2024-40987", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40987&packageName=kernel" + }, + { + "summary":"CVE-2024-41004", + "category":"self", + 
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41004&packageName=kernel" + }, + { + "summary":"CVE-2024-41005", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41005&packageName=kernel" + }, + { + "summary":"CVE-2024-41007", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41007&packageName=kernel" + }, + { + "summary":"CVE-2024-41009", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41009&packageName=kernel" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34030" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36014" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36016" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36031" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36881" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36939" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36979" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38559" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38578" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38589" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38618" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38619" + }, + { + "summary":"nvd cve", + 
"category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39463" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39469" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39472" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39485" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39494" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39499" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39505" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40912" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40916" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40918" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40923" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40929" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40932" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40936" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40941" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40943" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40951" + }, + { + "summary":"nvd cve", + "category":"external", + 
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40952" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40957" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40968" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40974" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40975" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40977" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40983" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40984" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40987" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41004" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41005" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41007" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41009" + }, + { + "summary":"openEuler-SA-2024-1897 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1897.json" + } + ], + "title":"An update for kernel is now available for openEuler-24.03-LTS", + "tracking":{ + "initial_release_date":"2024-07-26T20:58:46+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:58:46+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:58:46+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, 
+ "current_release_date":"2024-07-26T20:58:46+08:00", + "id":"openEuler-SA-2024-1897", + "version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openEuler-24.03-LTS", + "name":"openEuler-24.03-LTS" + }, + "name":"openEuler-24.03-LTS", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"bpftool-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"bpftool-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"bpftool-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"kernel-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"kernel-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-source-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"kernel-source-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"kernel-source-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + 
"product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"perf-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"perf-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"perf-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-perf-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"python3-perf-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"python3-perf-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-6.6.0-35.0.0.43.oe2403.src.rpm", + "name":"kernel-6.6.0-35.0.0.43.oe2403.src.rpm" + }, + "name":"kernel-6.6.0-35.0.0.43.oe2403.src.rpm", + 
"category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"bpftool-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "name":"bpftool-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"bpftool-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "name":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "name":"kernel-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"kernel-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "name":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "name":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + 
"name":"kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "name":"kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-source-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "name":"kernel-source-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"kernel-source-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "name":"kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "name":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "name":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + 
"product_id":"perf-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "name":"perf-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"perf-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "name":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-perf-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "name":"python3-perf-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"python3-perf-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "name":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"bpftool-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"bpftool-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64 as a component of 
openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"kernel-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-source-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"kernel-source-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"perf-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"perf-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + 
"product_reference":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-perf-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"python3-perf-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-6.6.0-35.0.0.43.oe2403.src.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "name":"kernel-6.6.0-35.0.0.43.oe2403.src as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"bpftool-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "name":"bpftool-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "name":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "name":"kernel-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "name":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "name":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "name":"kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + 
"name":"kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-source-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "name":"kernel-source-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "name":"kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "name":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "name":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"perf-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "name":"perf-6.6.0-35.0.0.43.oe2403.aarch64 as a component of 
openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "name":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-perf-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "name":"python3-perf-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "name":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-34030", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: of_property: Return error for int_map allocation failure\n\nReturn -ENOMEM from of_pci_prop_intr_map() if kcalloc() fails to prevent a\nNULL pointer dereference in this case.\n\n[bhelgaas: commit log]", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + 
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.9, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-34030" + }, + { + "cve":"CVE-2024-36014", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/arm/malidp: fix a possible null pointer dereference\n\nIn malidp_mw_connector_reset, new memory is allocated with kzalloc, but\nno check is performed. 
In order to prevent null pointer dereferencing,\nensure that mw_state is checked before calling\n__drm_atomic_helper_connector_reset.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-36014" + }, + { + "cve":"CVE-2024-36016", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: fix possible out-of-bounds in gsm0_receive()\n\nAssuming the following:\n- side A configures the n_gsm in basic option mode\n- side B sends the header of a basic option mode frame with data length 1\n- side A switches to advanced option mode\n- side B sends 2 data bytes which exceeds gsm->len\n Reason: gsm->len is not used in advanced option mode.\n- side A switches to basic option mode\n- side B keeps sending until gsm0_receive() writes past gsm->buf\n Reason: Neither 
gsm->state nor gsm->len have been reset after\n reconfiguration.\n\nFix this by changing gsm->count to gsm->len comparison from equal to less\nthan. Also add upper limit checks against the constant MAX_MRU in\ngsm0_receive() and gsm1_receive() to harden against memory corruption of\ngsm->len and gsm->mru.\n\nAll other checks remain as we still need to limit the data according to the\nuser configuration and actual payload size.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.7, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-36016" + }, + { + "cve":"CVE-2024-36031", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:keys: Fix overwrite of key expiration on instantiationThe expiry time of a key is unconditionally overwritten duringinstantiation, defaulting to turn it permanent. 
This causes a problemfor DNS resolution as the expiration set by user-space is overwritten toTIME64_MAX, disabling further DNS updates. Fix this by restoring thecondition that key_set_expiry is only called when the pre-parser sets aspecific expiry.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", 
+ "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"CRITICAL", + "baseScore":9.8, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Critical", + "category":"impact" + } + ], + "title":"CVE-2024-36031" + }, + { + "cve":"CVE-2024-36881", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/userfaultfd: reset ptes when close() for wr-protected ones\n\nUserfaultfd unregister includes a step to remove wr-protect bits from all\nthe relevant pgtable entries, but that only covered an explicit\nUFFDIO_UNREGISTER ioctl, not a close() on the userfaultfd itself. Cover\nthat too. 
This fixes a WARN trace.\n\nThe only user visible side effect is the user can observe leftover\nwr-protect bits even if the user close()ed on an userfaultfd when\nreleasing the last reference of it. However hopefully that should be\nharmless, and nothing bad should happen even if so.\n\nThis change is now more important after the recent page-table-check\npatch we merged in mm-unstable (446dd9ad37d0 (\"mm/page_table_check:\nsupport userfault wr-protect entries\")), as we'll do sanity check on\nuffd-wp bits without vma context. So it's better if we can 100%\nguarantee no uffd-wp bit leftovers, to make sure each report will be\nvalid.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-36881" + }, + { + "cve":"CVE-2024-36939", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been 
resolved:\n\nnfs: Handle error of rpc_proc_register() in nfs_net_init().\n\nsyzkaller reported a warning [0] triggered while destroying immature\nnetns.\n\nrpc_proc_register() was called in init_nfs_fs(), but its error\nhas been ignored since at least the initial commit 1da177e4c3f4\n(\"Linux-2.6.12-rc2\").\n\nRecently, commit d47151b79e32 (\"nfs: expose /proc/net/sunrpc/nfs\nin net namespaces\") converted the procfs to per-netns and made\nthe problem more visible.\n\nEven when rpc_proc_register() fails, nfs_net_init() could succeed,\nand thus nfs_net_exit() will be called while destroying the netns.\n\nThen, remove_proc_entry() will be called for non-existing proc\ndirectory and trigger the warning below.\n\nLet's handle the error of rpc_proc_register() properly in nfs_net_init().\n\n[0]:\nname 'nfs'\nWARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nModules linked in:\nCPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nCode: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff <0f> 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb\nRSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c\nRDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc\nR13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8\nFS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0\nDR0: 0000000000000000 
DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \n rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310\n nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438\n ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170\n setup_net+0x46c/0x660 net/core/net_namespace.c:372\n copy_net_ns+0x244/0x590 net/core/net_namespace.c:505\n create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228\n ksys_unshare+0x342/0x760 kernel/fork.c:3322\n __do_sys_unshare kernel/fork.c:3393 [inline]\n __se_sys_unshare kernel/fork.c:3391 [inline]\n __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\nRIP: 0033:0x7f30d0febe5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110\nRAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600\nRBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002\nR13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000\n ", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.6, + "vectorString":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-36939" + }, + { + "cve":"CVE-2024-36979", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mst: fix vlan use-after-free\n\nsyzbot reported a suspicious rcu usage[1] in bridge's mst code. While\nfixing it I noticed that nothing prevents a vlan to be freed while\nwalking the list from the same path (br forward delay timer). 
Fix the rcu\nusage and also make sure we are not accessing freed memory by making\nbr_mst_vlan_set_state use rcu read lock.\n\n[1]\n WARNING: suspicious RCU usage\n 6.9.0-rc6-syzkaller #0 Not tainted\n -----------------------------\n net/bridge/br_private.h:1599 suspicious rcu_dereference_protected() usage!\n ...\n stack backtrace:\n CPU: 1 PID: 8017 Comm: syz-executor.1 Not tainted 6.9.0-rc6-syzkaller #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\n Call Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712\n nbp_vlan_group net/bridge/br_private.h:1599 [inline]\n br_mst_set_state+0x1ea/0x650 net/bridge/br_mst.c:105\n br_set_state+0x28a/0x7b0 net/bridge/br_stp.c:47\n br_forward_delay_timer_expired+0x176/0x440 net/bridge/br_stp_timer.c:88\n call_timer_fn+0x18e/0x650 kernel/time/timer.c:1793\n expire_timers kernel/time/timer.c:1844 [inline]\n __run_timers kernel/time/timer.c:2418 [inline]\n __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2429\n run_timer_base kernel/time/timer.c:2438 [inline]\n run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2448\n __do_softirq+0x2c6/0x980 kernel/softirq.c:554\n invoke_softirq kernel/softirq.c:428 [inline]\n __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:645\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043\n \n \n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702\n RIP: 0010:lock_acquire+0x264/0x550 kernel/locking/lockdep.c:5758\n Code: 2b 00 74 08 4c 89 f7 e8 ba d1 84 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25\n RSP: 0018:ffffc90013657100 EFLAGS: 00000206\n RAX: 0000000000000001 RBX: 
1ffff920026cae2c RCX: 0000000000000001\n RDX: dffffc0000000000 RSI: ffffffff8bcaca00 RDI: ffffffff8c1eaa60\n RBP: ffffc90013657260 R08: ffffffff92efe507 R09: 1ffffffff25dfca0\n R10: dffffc0000000000 R11: fffffbfff25dfca1 R12: 1ffff920026cae28\n R13: dffffc0000000000 R14: ffffc90013657160 R15: 0000000000000246", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.0, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2024-36979" + }, + { + "cve":"CVE-2024-38559", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedf: Ensure the copied buf is NUL terminated\n\nCurrently, we allocate a count-sized kernel buffer and copy count from\nuserspace to that buffer. Later, we use kstrtouint on this buffer but we\ndon't ensure that the string is terminated inside the buffer, this can\nlead to OOB read when using kstrtouint. 
Fix this issue by using\nmemdup_user_nul instead of memdup_user.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.8, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2024-38559" + }, + { + "cve":"CVE-2024-38578", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\necryptfs: Fix buffer size for tag 66 packet\n\nThe 'TAG 66 Packet Format' description is missing the cipher code and\nchecksum fields that are packed into the message packet. 
As a result,\nthe buffer allocated for the packet is 3 bytes too small and\nwrite_tag_66_packet() will write up to 3 bytes past the end of the\nbuffer.\n\nFix this by increasing the size of the allocation so the whole packet\nwill always fit in the buffer.\n\nThis fixes the below kasan slab-out-of-bounds bug:\n\n BUG: KASAN: slab-out-of-bounds in ecryptfs_generate_key_packet_set+0x7d6/0xde0\n Write of size 1 at addr ffff88800afbb2a5 by task touch/181\n\n CPU: 0 PID: 181 Comm: touch Not tainted 6.6.13-gnu #1 4c9534092be820851bb687b82d1f92a426598dc6\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2/GNU Guix 04/01/2014\n Call Trace:\n \n dump_stack_lvl+0x4c/0x70\n print_report+0xc5/0x610\n ? ecryptfs_generate_key_packet_set+0x7d6/0xde0\n ? kasan_complete_mode_report_info+0x44/0x210\n ? ecryptfs_generate_key_packet_set+0x7d6/0xde0\n kasan_report+0xc2/0x110\n ? ecryptfs_generate_key_packet_set+0x7d6/0xde0\n __asan_store1+0x62/0x80\n ecryptfs_generate_key_packet_set+0x7d6/0xde0\n ? __pfx_ecryptfs_generate_key_packet_set+0x10/0x10\n ? __alloc_pages+0x2e2/0x540\n ? __pfx_ovl_open+0x10/0x10 [overlay 30837f11141636a8e1793533a02e6e2e885dad1d]\n ? dentry_open+0x8f/0xd0\n ecryptfs_write_metadata+0x30a/0x550\n ? __pfx_ecryptfs_write_metadata+0x10/0x10\n ? ecryptfs_get_lower_file+0x6b/0x190\n ecryptfs_initialize_file+0x77/0x150\n ecryptfs_create+0x1c2/0x2f0\n path_openat+0x17cf/0x1ba0\n ? __pfx_path_openat+0x10/0x10\n do_filp_open+0x15e/0x290\n ? __pfx_do_filp_open+0x10/0x10\n ? __kasan_check_write+0x18/0x30\n ? _raw_spin_lock+0x86/0xf0\n ? __pfx__raw_spin_lock+0x10/0x10\n ? __kasan_check_write+0x18/0x30\n ? alloc_fd+0xf4/0x330\n do_sys_openat2+0x122/0x160\n ? __pfx_do_sys_openat2+0x10/0x10\n __x64_sys_openat+0xef/0x170\n ? 
__pfx___x64_sys_openat+0x10/0x10\n do_syscall_64+0x60/0xd0\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n RIP: 0033:0x7f00a703fd67\n Code: 25 00 00 41 00 3d 00 00 41 00 74 37 64 8b 04 25 18 00 00 00 85 c0 75 5b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 85 00 00 00 48 83 c4 68 5d 41 5c c3 0f 1f\n RSP: 002b:00007ffc088e30b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101\n RAX: ffffffffffffffda RBX: 00007ffc088e3368 RCX: 00007f00a703fd67\n RDX: 0000000000000941 RSI: 00007ffc088e48d7 RDI: 00000000ffffff9c\n RBP: 00007ffc088e48d7 R08: 0000000000000001 R09: 0000000000000000\n R10: 00000000000001b6 R11: 0000000000000246 R12: 0000000000000941\n R13: 0000000000000000 R14: 00007ffc088e48d7 R15: 00007f00a7180040\n \n\n Allocated by task 181:\n kasan_save_stack+0x2f/0x60\n kasan_set_track+0x29/0x40\n kasan_save_alloc_info+0x25/0x40\n __kasan_kmalloc+0xc5/0xd0\n __kmalloc+0x66/0x160\n ecryptfs_generate_key_packet_set+0x6d2/0xde0\n ecryptfs_write_metadata+0x30a/0x550\n ecryptfs_initialize_file+0x77/0x150\n ecryptfs_create+0x1c2/0x2f0\n path_openat+0x17cf/0x1ba0\n do_filp_open+0x15e/0x290\n do_sys_openat2+0x122/0x160\n __x64_sys_openat+0xef/0x170\n do_syscall_64+0x60/0xd0\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + 
], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.9, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-38578" + }, + { + "cve":"CVE-2024-38589", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: fix possible dead-lock in nr_rt_ioctl()\n\nsyzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]\n\nMake sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)\n\n[1]\nWARNING: possible circular locking dependency detected\n6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted\n------------------------------------------------------\nsyz-executor350/5129 is trying to acquire lock:\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n\nbut task is already holding lock:\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #1 (nr_node_list_lock){+...}-{2:2}:\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n 
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n nr_remove_node net/netrom/nr_route.c:299 [inline]\n nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355\n nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n-> #0 (&nr_node->node_lock){+...}-{2:2}:\n check_prev_add kernel/locking/lockdep.c:3134 [inline]\n check_prevs_add kernel/locking/lockdep.c:3253 [inline]\n validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869\n __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n nr_node_lock include/net/netrom.h:152 [inline]\n nr_dec_obs net/netrom/nr_route.c:464 [inline]\n nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(nr_node_list_lock);\n lock(&nr_node->node_lock);\n lock(nr_node_list_lock);\n lock(&nr_node->node_lock);\n\n *** DEADLOCK ***\n\n1 lock held by 
syz-executor350/5129:\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n #0: ffffffff8f70\n---truncated---", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", 
+ "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-38589" + }, + { + "cve":"CVE-2024-38618", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: timer: Set lower bound of start tick time\n\nCurrently ALSA timer doesn't have the lower limit of the start tick\ntime, and it allows a very small size, e.g. 1 tick with 1ns resolution\nfor hrtimer. 
Such a situation may lead to an unexpected RCU stall,\nwhere the callback repeatedly queuing the expire update, as reported\nby fuzzer.\n\nThis patch introduces a sanity check of the timer start tick time, so\nthat the system returns an error when a too small start size is set.\nAs of this patch, the lower limit is hard-coded to 100us, which is\nsmall enough but can still work somehow.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.7, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-38618" + }, + { + "cve":"CVE-2024-38619", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb-storage: alauda: Check whether the media is initialized\n\nThe member \"uzonesize\" of struct alauda_info will remain 0\nif alauda_init_media() fails, potentially causing divide errors\nin 
alauda_read_data() and alauda_write_lba().\n- Add a member \"media_initialized\" to struct alauda_info.\n- Change a condition in alauda_check_media() to ensure the\n first initialization.\n- Add an error check for the return value of alauda_init_media().", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", 
+ "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-38619" + }, + { + "cve":"CVE-2024-39463", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\n9p: add missing locking around taking dentry fid list\n\nFix a use-after-free on dentry's d_fsdata fid list when a thread\nlooks up a fid through dentry while another thread unlinks it:\n\nUAF thread:\nrefcount_t: addition on 0; use-after-free.\n p9_fid_get linux/./include/net/9p/client.h:262\n v9fs_fid_find+0x236/0x280 linux/fs/9p/fid.c:129\n v9fs_fid_lookup_with_uid linux/fs/9p/fid.c:181\n v9fs_fid_lookup+0xbf/0xc20 
linux/fs/9p/fid.c:314\n v9fs_vfs_getattr_dotl+0xf9/0x360 linux/fs/9p/vfs_inode_dotl.c:400\n vfs_statx+0xdd/0x4d0 linux/fs/stat.c:248\n\nFreed by:\n p9_fid_destroy (inlined)\n p9_client_clunk+0xb0/0xe0 linux/net/9p/client.c:1456\n p9_fid_put linux/./include/net/9p/client.h:278\n v9fs_dentry_release+0xb5/0x140 linux/fs/9p/vfs_dentry.c:55\n v9fs_remove+0x38f/0x620 linux/fs/9p/vfs_inode.c:518\n vfs_unlink+0x29a/0x810 linux/fs/namei.c:4335\n\nThe problem is that d_fsdata was not accessed under d_lock, because\nd_release() normally is only called once the dentry is otherwise no\nlonger accessible but since we also call it explicitly in v9fs_remove\nthat lock is required:\nmove the hlist out of the dentry under lock then unref its fids once\nthey are no longer accessible.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + 
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + 
"title":"CVE-2024-39463" + }, + { + "cve":"CVE-2024-39469", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors\n\nThe error handling in nilfs_empty_dir() when a directory folio/page read\nfails is incorrect, as in the old ext2 implementation, and if the\nfolio/page cannot be read or nilfs_check_folio() fails, it will falsely\ndetermine the directory as empty and corrupt the file system.\n\nIn addition, since nilfs_empty_dir() does not immediately return on a\nfailed folio/page read, but continues to loop, this can cause a long loop\nwith I/O if i_size of the directory's inode is also corrupted, causing the\nlog writer thread to wait and hang, as reported by syzbot.\n\nFix these issues by making nilfs_empty_dir() immediately return a false\nvalue (0) if it fails to get a directory folio/page.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.7, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39469" + }, + { + "cve":"CVE-2024-39472", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:xfs: fix log recovery buffer allocation for the legacy h_size fixupCommit a70f9fe52daa ( xfs: detect and handle invalid iclog size set bymkfs ) added a fixup for incorrect h_size values used for the initialumount record in old xfsprogs versions. Later commit 0c771b99d6c9( xfs: clean up calculation of LR header blocks ) cleaned up the logreover buffer calculation, but stoped using the fixed up h_size valueto size the log recovery buffer, which can lead to an out of boundsaccess when the incorrect h_size does not come from the old mkfstool, but a fuzzer.Fix this by open coding xlog_logrec_hblks and taking the fixed h_sizeinto account for this calculation.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39472" + }, + { + "cve":"CVE-2024-39485", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l: async: Properly re-initialise notifier entry in unregister\n\nThe notifier_entry of a notifier is not re-initialised after unregistering\nthe notifier. This leads to dangling pointers being left there so use\nlist_del_init() to return the notifier_entry an empty list.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39485" + }, + { + "cve":"CVE-2024-39494", + "notes":[ + { + "text":"In the 
Linux kernel, the following vulnerability has been resolved:\n\nima: Fix use-after-free on a dentry's dname.name\n\n->d_name.name can change on rename and the earlier value can be freed;\nthere are conditions sufficient to stabilize it (->d_lock on dentry,\n->d_lock on its parent, ->i_rwsem exclusive on the parent's inode,\nrename_lock), but none of those are met at any of the sites. Take a stable\nsnapshot of the name instead.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.8, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2024-39494" + }, + { + "cve":"CVE-2024-39499", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nvmci: prevent speculation leaks by sanitizing event in event_deliver()\n\nCoverity spotted that event_msg is controlled by user-space,\nevent_msg->event_data.event is passed to event_deliver() and used\nas an 
index without sanitization.\n\nThis change ensures that the event index is sanitized to mitigate any\npossibility of speculative information leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.\n\nOnly compile tested, no access to HW.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39499" + }, + { + "cve":"CVE-2024-39505", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/komeda: check for error-valued pointer\n\nkomeda_pipeline_get_state() may return an error-valued pointer, thus\ncheck the pointer for negative or null value before dereferencing.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39505" + }, + { + "cve":"CVE-2024-40912", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()\n\nThe ieee80211_sta_ps_deliver_wakeup() function takes sta->ps_lock to\nsynchronizes with ieee80211_tx_h_unicast_ps_buf() which is called from\nsoftirq context. However using only spin_lock() to get sta->ps_lock in\nieee80211_sta_ps_deliver_wakeup() does not prevent softirq to execute\non this same CPU, to run ieee80211_tx_h_unicast_ps_buf() and try to\ntake this same lock ending in deadlock. 
Below is an example of rcu stall\nthat arises in such situation.\n\n rcu: INFO: rcu_sched self-detected stall on CPU\n rcu: 2-....: (42413413 ticks this GP) idle=b154/1/0x4000000000000000 softirq=1763/1765 fqs=21206996\n rcu: (t=42586894 jiffies g=2057 q=362405 ncpus=4)\n CPU: 2 PID: 719 Comm: wpa_supplicant Tainted: G W 6.4.0-02158-g1b062f552873 #742\n Hardware name: RPT (r1) (DT)\n pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : queued_spin_lock_slowpath+0x58/0x2d0\n lr : invoke_tx_handlers_early+0x5b4/0x5c0\n sp : ffff00001ef64660\n x29: ffff00001ef64660 x28: ffff000009bc1070 x27: ffff000009bc0ad8\n x26: ffff000009bc0900 x25: ffff00001ef647a8 x24: 0000000000000000\n x23: ffff000009bc0900 x22: ffff000009bc0900 x21: ffff00000ac0e000\n x20: ffff00000a279e00 x19: ffff00001ef646e8 x18: 0000000000000000\n x17: ffff800016468000 x16: ffff00001ef608c0 x15: 0010533c93f64f80\n x14: 0010395c9faa3946 x13: 0000000000000000 x12: 00000000fa83b2da\n x11: 000000012edeceea x10: ffff0000010fbe00 x9 : 0000000000895440\n x8 : 000000000010533c x7 : ffff00000ad8b740 x6 : ffff00000c350880\n x5 : 0000000000000007 x4 : 0000000000000001 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffff00000ac0e0e8\n Call trace:\n queued_spin_lock_slowpath+0x58/0x2d0\n ieee80211_tx+0x80/0x12c\n ieee80211_tx_pending+0x110/0x278\n tasklet_action_common.constprop.0+0x10c/0x144\n tasklet_action+0x20/0x28\n _stext+0x11c/0x284\n ____do_softirq+0xc/0x14\n call_on_irq_stack+0x24/0x34\n do_softirq_own_stack+0x18/0x20\n do_softirq+0x74/0x7c\n __local_bh_enable_ip+0xa0/0xa4\n _ieee80211_wake_txqs+0x3b0/0x4b8\n __ieee80211_wake_queue+0x12c/0x168\n ieee80211_add_pending_skbs+0xec/0x138\n ieee80211_sta_ps_deliver_wakeup+0x2a4/0x480\n ieee80211_mps_sta_status_update.part.0+0xd8/0x11c\n ieee80211_mps_sta_status_update+0x18/0x24\n sta_apply_parameters+0x3bc/0x4c0\n ieee80211_change_station+0x1b8/0x2dc\n nl80211_set_station+0x444/0x49c\n 
genl_family_rcv_msg_doit.isra.0+0xa4/0xfc\n genl_rcv_msg+0x1b0/0x244\n netlink_rcv_skb+0x38/0x10c\n genl_rcv+0x34/0x48\n netlink_unicast+0x254/0x2bc\n netlink_sendmsg+0x190/0x3b4\n ____sys_sendmsg+0x1e8/0x218\n ___sys_sendmsg+0x68/0x8c\n __sys_sendmsg+0x44/0x84\n __arm64_sys_sendmsg+0x20/0x28\n do_el0_svc+0x6c/0xe8\n el0_svc+0x14/0x48\n el0t_64_sync_handler+0xb0/0xb4\n el0t_64_sync+0x14c/0x150\n\nUsing spin_lock_bh()/spin_unlock_bh() instead prevents softirq to raise\non the same CPU that is holding the lock.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40912" + }, + { + "cve":"CVE-2024-40916", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID 
found\n\nWhen reading EDID fails and driver reports no modes available, the DRM\ncore adds an artificial 1024x786 mode to the connector. Unfortunately\nsome variants of the Exynos HDMI (like the one in Exynos4 SoCs) are not\nable to drive such mode, so report a safe 640x480 mode instead of nothing\nin case of the EDID reading failure.\n\nThis fixes the following issue observed on Trats2 board since commit\n13d5b040363c (\"drm/exynos: do not return negative values from .get_modes()\"):\n\n[drm] Exynos DRM: using 11c00000.fimd device for DMA mapping operations\nexynos-drm exynos-drm: bound 11c00000.fimd (ops fimd_component_ops)\nexynos-drm exynos-drm: bound 12c10000.mixer (ops mixer_component_ops)\nexynos-dsi 11c80000.dsi: [drm:samsung_dsim_host_attach] Attached s6e8aa0 device (lanes:4 bpp:24 mode-flags:0x10b)\nexynos-drm exynos-drm: bound 11c80000.dsi (ops exynos_dsi_component_ops)\nexynos-drm exynos-drm: bound 12d00000.hdmi (ops hdmi_component_ops)\n[drm] Initialized exynos 1.1.0 20180330 for exynos-drm on minor 1\nexynos-hdmi 12d00000.hdmi: [drm:hdmiphy_enable.part.0] *ERROR* PLL could not reach steady state\npanel-samsung-s6e8aa0 11c80000.dsi.0: ID: 0xa2, 0x20, 0x8c\nexynos-mixer 12c10000.mixer: timeout waiting for VSYNC\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 11 at drivers/gpu/drm/drm_atomic_helper.c:1682 drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8\n[CRTC:70:crtc-1] vblank wait timed out\nModules linked in:\nCPU: 1 PID: 11 Comm: kworker/u16:0 Not tainted 6.9.0-rc5-next-20240424 #14913\nHardware name: Samsung Exynos (Flattened Device Tree)\nWorkqueue: events_unbound deferred_probe_work_func\nCall trace:\n unwind_backtrace from show_stack+0x10/0x14\n show_stack from dump_stack_lvl+0x68/0x88\n dump_stack_lvl from __warn+0x7c/0x1c4\n __warn from warn_slowpath_fmt+0x11c/0x1a8\n warn_slowpath_fmt from drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8\n drm_atomic_helper_wait_for_vblanks.part.0 from 
drm_atomic_helper_commit_tail_rpm+0x7c/0x8c\n drm_atomic_helper_commit_tail_rpm from commit_tail+0x9c/0x184\n commit_tail from drm_atomic_helper_commit+0x168/0x190\n drm_atomic_helper_commit from drm_atomic_commit+0xb4/0xe0\n drm_atomic_commit from drm_client_modeset_commit_atomic+0x23c/0x27c\n drm_client_modeset_commit_atomic from drm_client_modeset_commit_locked+0x60/0x1cc\n drm_client_modeset_commit_locked from drm_client_modeset_commit+0x24/0x40\n drm_client_modeset_commit from __drm_fb_helper_restore_fbdev_mode_unlocked+0x9c/0xc4\n __drm_fb_helper_restore_fbdev_mode_unlocked from drm_fb_helper_set_par+0x2c/0x3c\n drm_fb_helper_set_par from fbcon_init+0x3d8/0x550\n fbcon_init from visual_init+0xc0/0x108\n visual_init from do_bind_con_driver+0x1b8/0x3a4\n do_bind_con_driver from do_take_over_console+0x140/0x1ec\n do_take_over_console from do_fbcon_takeover+0x70/0xd0\n do_fbcon_takeover from fbcon_fb_registered+0x19c/0x1ac\n fbcon_fb_registered from register_framebuffer+0x190/0x21c\n register_framebuffer from __drm_fb_helper_initial_config_and_unlock+0x350/0x574\n __drm_fb_helper_initial_config_and_unlock from exynos_drm_fbdev_client_hotplug+0x6c/0xb0\n exynos_drm_fbdev_client_hotplug from drm_client_register+0x58/0x94\n drm_client_register from exynos_drm_bind+0x160/0x190\n exynos_drm_bind from try_to_bring_up_aggregate_device+0x200/0x2d8\n try_to_bring_up_aggregate_device from __component_add+0xb0/0x170\n __component_add from mixer_probe+0x74/0xcc\n mixer_probe from platform_probe+0x5c/0xb8\n platform_probe from really_probe+0xe0/0x3d8\n really_probe from __driver_probe_device+0x9c/0x1e4\n __driver_probe_device from driver_probe_device+0x30/0xc0\n driver_probe_device from __device_attach_driver+0xa8/0x120\n __device_attach_driver from bus_for_each_drv+0x80/0xcc\n bus_for_each_drv from __device_attach+0xac/0x1fc\n __device_attach from bus_probe_device+0x8c/0x90\n bus_probe_device from deferred_probe_work_func+0\n---truncated---", + "category":"description", + 
"title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.9, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + 
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-40916" + }, + { + "cve":"CVE-2024-40918", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: Try to fix random segmentation faults in package builds\n\nPA-RISC systems with PA8800 and PA8900 processors have had problems\nwith random segmentation faults for many years. Systems with earlier\nprocessors are much more stable.\n\nSystems with PA8800 and PA8900 processors have a large L2 cache which\nneeds per page flushing for decent performance when a large range is\nflushed. 
The combined cache in these systems is also more sensitive to\nnon-equivalent aliases than the caches in earlier systems.\n\nThe majority of random segmentation faults that I have looked at\nappear to be memory corruption in memory allocated using mmap and\nmalloc.\n\nMy first attempt at fixing the random faults didn't work. On\nreviewing the cache code, I realized that there were two issues\nwhich the existing code didn't handle correctly. Both relate\nto cache move-in. Another issue is that the present bit in PTEs\nis racy.\n\n1) PA-RISC caches have a mind of their own and they can speculatively\nload data and instructions for a page as long as there is a entry in\nthe TLB for the page which allows move-in. TLBs are local to each\nCPU. Thus, the TLB entry for a page must be purged before flushing\nthe page. This is particularly important on SMP systems.\n\nIn some of the flush routines, the flush routine would be called\nand then the TLB entry would be purged. This was because the flush\nroutine needed the TLB entry to do the flush.\n\n2) My initial approach to trying the fix the random faults was to\ntry and use flush_cache_page_if_present for all flush operations.\nThis actually made things worse and led to a couple of hardware\nlockups. It finally dawned on me that some lines weren't being\nflushed because the pte check code was racy. This resulted in\nrandom inequivalent mappings to physical pages.\n\nThe __flush_cache_page tmpalias flush sets up its own TLB entry\nand it doesn't need the existing TLB entry. As long as we can find\nthe pte pointer for the vm page, we can get the pfn and physical\naddress of the page. We can also purge the TLB entry for the page\nbefore doing the flush. Further, __flush_cache_page uses a special\nTLB entry that inhibits cache move-in.\n\nWhen switching page mappings, we need to ensure that lines are\nremoved from the cache. 
It is not sufficient to just flush the\nlines to memory as they may come back.\n\nThis made it clear that we needed to implement all the required\nflush operations using tmpalias routines. This includes flushes\nfor user and kernel pages.\n\nAfter modifying the code to use tmpalias flushes, it became clear\nthat the random segmentation faults were not fully resolved. The\nfrequency of faults was worse on systems with a 64 MB L2 (PA8900)\nand systems with more CPUs (rp4440).\n\nThe warning that I added to flush_cache_page_if_present to detect\npages that couldn't be flushed triggered frequently on some systems.\n\nHelge and I looked at the pages that couldn't be flushed and found\nthat the PTE was either cleared or for a swap page. Ignoring pages\nthat were swapped out seemed okay but pages with cleared PTEs seemed\nproblematic.\n\nI looked at routines related to pte_clear and noticed ptep_clear_flush.\nThe default implementation just flushes the TLB entry. However, it was\nobvious that on parisc we need to flush the cache page as well. If\nwe don't flush the cache page, stale lines will be left in the cache\nand cause random corruption. Once a PTE is cleared, there is no way\nto find the physical address associated with the PTE and flush the\nassociated page at a later time.\n\nI implemented an updated change with a parisc specific version of\nptep_clear_flush. 
It fixed the random data corruption on Helge's rp4440\nand rp3440, as well as on my c8000.\n\nAt this point, I realized that I could restore the code where we only\nflush in flush_cache_page_if_present if the page has been accessed.\nHowever, for this, we also need to flush the cache when the accessed\nbit is cleared in\n---truncated---", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.9, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-40918" + }, + { + "cve":"CVE-2024-40923", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nvmxnet3: disable rx data ring on dma allocation failure\n\nWhen vmxnet3_rq_create() fails to allocate memory for rq->data_ring.base,\nthe subsequent call to vmxnet3_rq_destroy_all_rxdataring does not reset\nrq->data_ring.desc_size for the data ring that failed, which presumably\ncauses the hypervisor to reference it on packet reception.\n\nTo fix this bug, 
rq->data_ring.desc_size needs to be set to 0 to tell\nthe hypervisor to disable this feature.\n\n[ 95.436876] kernel BUG at net/core/skbuff.c:207!\n[ 95.439074] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[ 95.440411] CPU: 7 PID: 0 Comm: swapper/7 Not tainted 6.9.3-dirty #1\n[ 95.441558] Hardware name: VMware, Inc. VMware Virtual\nPlatform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018\n[ 95.443481] RIP: 0010:skb_panic+0x4d/0x4f\n[ 95.444404] Code: 4f 70 50 8b 87 c0 00 00 00 50 8b 87 bc 00 00 00 50\nff b7 d0 00 00 00 4c 8b 8f c8 00 00 00 48 c7 c7 68 e8 be 9f e8 63 58 f9\nff <0f> 0b 48 8b 14 24 48 c7 c1 d0 73 65 9f e8 a1 ff ff ff 48 8b 14 24\n[ 95.447684] RSP: 0018:ffffa13340274dd0 EFLAGS: 00010246\n[ 95.448762] RAX: 0000000000000089 RBX: ffff8fbbc72b02d0 RCX: 000000000000083f\n[ 95.450148] RDX: 0000000000000000 RSI: 00000000000000f6 RDI: 000000000000083f\n[ 95.451520] RBP: 000000000000002d R08: 0000000000000000 R09: ffffa13340274c60\n[ 95.452886] R10: ffffffffa04ed468 R11: 0000000000000002 R12: 0000000000000000\n[ 95.454293] R13: ffff8fbbdab3c2d0 R14: ffff8fbbdbd829e0 R15: ffff8fbbdbd809e0\n[ 95.455682] FS: 0000000000000000(0000) GS:ffff8fbeefd80000(0000) knlGS:0000000000000000\n[ 95.457178] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 95.458340] CR2: 00007fd0d1f650c8 CR3: 0000000115f28000 CR4: 00000000000406f0\n[ 95.459791] Call Trace:\n[ 95.460515] \n[ 95.461180] ? __die_body.cold+0x19/0x27\n[ 95.462150] ? die+0x2e/0x50\n[ 95.462976] ? do_trap+0xca/0x110\n[ 95.463973] ? do_error_trap+0x6a/0x90\n[ 95.464966] ? skb_panic+0x4d/0x4f\n[ 95.465901] ? exc_invalid_op+0x50/0x70\n[ 95.466849] ? skb_panic+0x4d/0x4f\n[ 95.467718] ? asm_exc_invalid_op+0x1a/0x20\n[ 95.468758] ? 
skb_panic+0x4d/0x4f\n[ 95.469655] skb_put.cold+0x10/0x10\n[ 95.470573] vmxnet3_rq_rx_complete+0x862/0x11e0 [vmxnet3]\n[ 95.471853] vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3]\n[ 95.473185] __napi_poll+0x2b/0x160\n[ 95.474145] net_rx_action+0x2c6/0x3b0\n[ 95.475115] handle_softirqs+0xe7/0x2a0\n[ 95.476122] __irq_exit_rcu+0x97/0xb0\n[ 95.477109] common_interrupt+0x85/0xa0\n[ 95.478102] \n[ 95.478846] \n[ 95.479603] asm_common_interrupt+0x26/0x40\n[ 95.480657] RIP: 0010:pv_native_safe_halt+0xf/0x20\n[ 95.481801] Code: 22 d7 e9 54 87 01 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 93 ba 3b 00 fb f4 2c 87 01 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90\n[ 95.485563] RSP: 0018:ffffa133400ffe58 EFLAGS: 00000246\n[ 95.486882] RAX: 0000000000004000 RBX: ffff8fbbc1d14064 RCX: 0000000000000000\n[ 95.488477] RDX: ffff8fbeefd80000 RSI: ffff8fbbc1d14000 RDI: 0000000000000001\n[ 95.490067] RBP: ffff8fbbc1d14064 R08: ffffffffa0652260 R09: 00000000000010d3\n[ 95.491683] R10: 0000000000000018 R11: ffff8fbeefdb4764 R12: ffffffffa0652260\n[ 95.493389] R13: ffffffffa06522e0 R14: 0000000000000001 R15: 0000000000000000\n[ 95.495035] acpi_safe_halt+0x14/0x20\n[ 95.496127] acpi_idle_do_entry+0x2f/0x50\n[ 95.497221] acpi_idle_enter+0x7f/0xd0\n[ 95.498272] cpuidle_enter_state+0x81/0x420\n[ 95.499375] cpuidle_enter+0x2d/0x40\n[ 95.500400] do_idle+0x1e5/0x240\n[ 95.501385] cpu_startup_entry+0x29/0x30\n[ 95.502422] start_secondary+0x11c/0x140\n[ 95.503454] common_startup_64+0x13e/0x141\n[ 95.504466] \n[ 95.505197] Modules linked in: nft_fib_inet nft_fib_ipv4\nnft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6\nnft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ip\n---truncated---", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40923" + }, + { + "cve":"CVE-2024-40929", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: check n_ssids before accessing the ssids\n\nIn some versions of cfg80211, the ssids poinet might be a valid one even\nthough n_ssids is 0. Accessing the pointer in this case will cuase an\nout-of-bound access. 
Fix this by checking n_ssids first.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40929" + }, + { + "cve":"CVE-2024-40932", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos/vidi: fix memory leak in .get_modes()\n\nThe duplicated EDID is never freed. 
Fix it.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.9, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-40932" + }, + { + "cve":"CVE-2024-40936", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/region: Fix memregion leaks in devm_cxl_add_region()\n\nMove the mode verification to __create_region() before allocating the\nmemregion to avoid the memregion leaks.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.9, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-40936" + }, + { + "cve":"CVE-2024-40941", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don't read past the mfuart notifcation\n\nIn case the firmware sends a notification that claims it has more data\nthan it has, we will read past that was allocated for the notification.\nRemove the print of the buffer, we won't see it by default. 
If needed,\nwe can see the content with tracing.\n\nThis was reported by KFENCE.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40941" + }, + { + "cve":"CVE-2024-40943", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix races between hole punching and AIO+DIO\n\nAfter commit \"ocfs2: return real error code in ocfs2_dio_wr_get_block\",\nfstests/generic/300 become from always failed to sometimes failed:\n\n========================================================================\n[ 473.293420 ] run fstests generic/300\n\n[ 475.296983 ] JBD2: Ignoring recovery information on journal\n[ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode.\n[ 494.290998 ] 
OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found\n[ 494.291609 ] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.\n[ 494.292018 ] OCFS2: File system is now read-only.\n[ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30\n[ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3\nfio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072\n=========================================================================\n\nIn __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten\nextents to a list. extents are also inserted into extent tree in\nocfs2_write_begin_nolock. Then another thread call fallocate to puch a\nhole at one of the unwritten extent. The extent at cpos was removed by\nocfs2_remove_extent(). At end io worker thread, ocfs2_search_extent_list\nfound there is no such extent at the cpos.\n\n T1 T2 T3\n inode lock\n ...\n insert extents\n ...\n inode unlock\nocfs2_fallocate\n __ocfs2_change_file_space\n inode lock\n lock ip_alloc_sem\n ocfs2_remove_inode_range inode\n ocfs2_remove_btree_range\n ocfs2_remove_extent\n ^---remove the extent at cpos 78723\n ...\n unlock ip_alloc_sem\n inode unlock\n ocfs2_dio_end_io\n ocfs2_dio_end_io_write\n lock ip_alloc_sem\n ocfs2_mark_extent_written\n ocfs2_change_extent_flag\n ocfs2_search_extent_list\n ^---failed to find extent\n ...\n unlock ip_alloc_sem\n\nIn most filesystems, fallocate is not compatible with racing with AIO+DIO,\nso fix it by adding to wait for all dio before fallocate/punch_hole like\next4.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40943" + }, + { + "cve":"CVE-2024-40951", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix NULL pointer dereference in ocfs2_abort_trigger()\n\nbdev->bd_super has been removed and commit 8887b94d9322 change the usage\nfrom bdev->bd_super to b_assoc_map->host->i_sb. Since ocfs2 hasn't set\nbh->b_assoc_map, it will trigger NULL pointer dereference when calling\ninto ocfs2_abort_trigger().\n\nActually this was pointed out in history, see commit 74e364ad1b13. 
But\nI've made a mistake when reviewing commit 8887b94d9322 and then\nre-introduce this regression.\n\nSince we cannot revive bdev in buffer head, so fix this issue by\ninitializing all types of ocfs2 triggers when fill super, and then get the\nspecific ocfs2 trigger from ocfs2_caching_info when access journal.\n\n[joseph.qi@linux.alibaba.com: v2]\n Link: https://lkml.kernel.org/r/20240602112045.1112708-1-joseph.qi@linux.alibaba.com", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + 
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.9, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-40951" + }, + { + "cve":"CVE-2024-40952", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix NULL pointer dereference in ocfs2_journal_dirty()\n\nbdev->bd_super has been removed and commit 8887b94d9322 change the usage\nfrom 
bdev->bd_super to b_assoc_map->host->i_sb. This introduces the\nfollowing NULL pointer dereference in ocfs2_journal_dirty() since\nb_assoc_map is still not initialized. This can be easily reproduced by\nrunning xfstests generic/186, which simulate no more credits.\n\n[ 134.351592] BUG: kernel NULL pointer dereference, address: 0000000000000000\n...\n[ 134.355341] RIP: 0010:ocfs2_journal_dirty+0x14f/0x160 [ocfs2]\n...\n[ 134.365071] Call Trace:\n[ 134.365312] \n[ 134.365524] ? __die_body+0x1e/0x60\n[ 134.365868] ? page_fault_oops+0x13d/0x4f0\n[ 134.366265] ? __pfx_bit_wait_io+0x10/0x10\n[ 134.366659] ? schedule+0x27/0xb0\n[ 134.366981] ? exc_page_fault+0x6a/0x140\n[ 134.367356] ? asm_exc_page_fault+0x26/0x30\n[ 134.367762] ? ocfs2_journal_dirty+0x14f/0x160 [ocfs2]\n[ 134.368305] ? ocfs2_journal_dirty+0x13d/0x160 [ocfs2]\n[ 134.368837] ocfs2_create_new_meta_bhs.isra.51+0x139/0x2e0 [ocfs2]\n[ 134.369454] ocfs2_grow_tree+0x688/0x8a0 [ocfs2]\n[ 134.369927] ocfs2_split_and_insert.isra.67+0x35c/0x4a0 [ocfs2]\n[ 134.370521] ocfs2_split_extent+0x314/0x4d0 [ocfs2]\n[ 134.371019] ocfs2_change_extent_flag+0x174/0x410 [ocfs2]\n[ 134.371566] ocfs2_add_refcount_flag+0x3fa/0x630 [ocfs2]\n[ 134.372117] ocfs2_reflink_remap_extent+0x21b/0x4c0 [ocfs2]\n[ 134.372994] ? inode_update_timestamps+0x4a/0x120\n[ 134.373692] ? __pfx_ocfs2_journal_access_di+0x10/0x10 [ocfs2]\n[ 134.374545] ? __pfx_ocfs2_journal_access_di+0x10/0x10 [ocfs2]\n[ 134.375393] ocfs2_reflink_remap_blocks+0xe4/0x4e0 [ocfs2]\n[ 134.376197] ocfs2_remap_file_range+0x1de/0x390 [ocfs2]\n[ 134.376971] ? 
security_file_permission+0x29/0x50\n[ 134.377644] vfs_clone_file_range+0xfe/0x320\n[ 134.378268] ioctl_file_clone+0x45/0xa0\n[ 134.378853] do_vfs_ioctl+0x457/0x990\n[ 134.379422] __x64_sys_ioctl+0x6e/0xd0\n[ 134.379987] do_syscall_64+0x5d/0x170\n[ 134.380550] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 134.381231] RIP: 0033:0x7fa4926397cb\n[ 134.381786] Code: 73 01 c3 48 8b 0d bd 56 38 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8d 56 38 00 f7 d8 64 89 01 48\n[ 134.383930] RSP: 002b:00007ffc2b39f7b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n[ 134.384854] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fa4926397cb\n[ 134.385734] RDX: 00007ffc2b39f7f0 RSI: 000000004020940d RDI: 0000000000000003\n[ 134.386606] RBP: 0000000000000000 R08: 00111a82a4f015bb R09: 00007fa494221000\n[ 134.387476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n[ 134.388342] R13: 0000000000f10000 R14: 0000558e844e2ac8 R15: 0000000000f10000\n[ 134.389207] \n\nFix it by only aborting transaction and journal in ocfs2_journal_dirty()\nnow, and leave ocfs2_abort() later when detecting an aborted handle,\ne.g. start next transaction. 
Also log the handle details in this case.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40952" + }, + { + "cve":"CVE-2024-40957", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nseg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors\n\ninput_action_end_dx4() and input_action_end_dx6() are called NF_HOOK() for\nPREROUTING hook, in PREROUTING hook, we should passing a valid indev,\nand a NULL outdev to NF_HOOK(), otherwise may trigger a NULL pointer\ndereference, as below:\n\n [74830.647293] BUG: kernel NULL pointer dereference, address: 0000000000000090\n [74830.655633] #PF: supervisor read access in kernel mode\n [74830.657888] #PF: error_code(0x0000) - not-present page\n [74830.659500] PGD 0 P4D 0\n [74830.660450] Oops: 0000 [#1] PREEMPT SMP PTI\n ...\n [74830.664953] 
Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\n [74830.666569] RIP: 0010:rpfilter_mt+0x44/0x15e [ipt_rpfilter]\n ...\n [74830.689725] Call Trace:\n [74830.690402] \n [74830.690953] ? show_trace_log_lvl+0x1c4/0x2df\n [74830.692020] ? show_trace_log_lvl+0x1c4/0x2df\n [74830.693095] ? ipt_do_table+0x286/0x710 [ip_tables]\n [74830.694275] ? __die_body.cold+0x8/0xd\n [74830.695205] ? page_fault_oops+0xac/0x140\n [74830.696244] ? exc_page_fault+0x62/0x150\n [74830.697225] ? asm_exc_page_fault+0x22/0x30\n [74830.698344] ? rpfilter_mt+0x44/0x15e [ipt_rpfilter]\n [74830.699540] ipt_do_table+0x286/0x710 [ip_tables]\n [74830.700758] ? ip6_route_input+0x19d/0x240\n [74830.701752] nf_hook_slow+0x3f/0xb0\n [74830.702678] input_action_end_dx4+0x19b/0x1e0\n [74830.703735] ? input_action_end_t+0xe0/0xe0\n [74830.704734] seg6_local_input_core+0x2d/0x60\n [74830.705782] lwtunnel_input+0x5b/0xb0\n [74830.706690] __netif_receive_skb_one_core+0x63/0xa0\n [74830.707825] process_backlog+0x99/0x140\n [74830.709538] __napi_poll+0x2c/0x160\n [74830.710673] net_rx_action+0x296/0x350\n [74830.711860] __do_softirq+0xcb/0x2ac\n [74830.713049] do_softirq+0x63/0x90\n\ninput_action_end_dx4() passing a NULL indev to NF_HOOK(), and finally\ntrigger a NULL dereference in rpfilter_mt()->rpfilter_is_loopback():\n\n static bool\n rpfilter_is_loopback(const struct sk_buff *skb,\n \t const struct net_device *in)\n {\n // in is NULL\n return skb->pkt_type == PACKET_LOOPBACK ||\n \t in->flags & IFF_LOOPBACK;\n }", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40957" + }, + { + "cve":"CVE-2024-40968", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: Octeon: Add PCIe link status check\n\nThe standard PCIe configuration read-write interface is used to\naccess the configuration space of the peripheral PCIe devices\nof the mips processor after the PCIe link surprise down, it can\ngenerate kernel panic caused by \"Data bus error\". 
So it is\nnecessary to add PCIe link status check for system protection.\nWhen the PCIe link is down or in training, assigning a value\nof 0 to the configuration address can prevent read-write behavior\nto the configuration space of peripheral PCIe devices, thereby\npreventing kernel panic.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", 
+ "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40968" + }, + { + "cve":"CVE-2024-40974", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Enforce hcall result buffer validity and size\n\nplpar_hcall(), plpar_hcall9(), and related functions expect callers to\nprovide valid result buffers of certain minimum size. 
Currently this\nis communicated only through comments in the code and the compiler has\nno idea.\n\nFor example, if I write a bug like this:\n\n long retbuf[PLPAR_HCALL_BUFSIZE]; // should be PLPAR_HCALL9_BUFSIZE\n plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf, ...);\n\nThis compiles with no diagnostics emitted, but likely results in stack\ncorruption at runtime when plpar_hcall9() stores results past the end\nof the array. (To be clear this is a contrived example and I have not\nfound a real instance yet.)\n\nTo make this class of error less likely, we can use explicitly-sized\narray parameters instead of pointers in the declarations for the hcall\nAPIs. When compiled with -Warray-bounds[1], the code above now\nprovokes a diagnostic like this:\n\nerror: array argument is too small;\nis of size 32, callee requires at least 72 [-Werror,-Warray-bounds]\n 60 | plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf,\n | ^ ~~~~~~\n\n[1] Enabled for LLVM builds but not GCC for now. See commit\n 0da6e5fd6c37 (\"gcc: disable '-Warray-bounds' for gcc-13 too\") and\n related changes.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + 
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40974" + }, + { + "cve":"CVE-2024-40975", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: x86-android-tablets: Unregister devices in reverse order\n\nNot all subsystems support a device getting removed while there are\nstill consumers of the device with a reference to the device.\n\nOne example of this is the regulator subsystem. If a regulator gets\nunregistered while there are still drivers holding a reference\na WARN() at drivers/regulator/core.c:5829 triggers, e.g.:\n\n WARNING: CPU: 1 PID: 1587 at drivers/regulator/core.c:5829 regulator_unregister\n Hardware name: Intel Corp. VALLEYVIEW C0 PLATFORM/BYT-T FFD8, BIOS BLADE_21.X64.0005.R00.1504101516 FFD8_X64_R_2015_04_10_1516 04/10/2015\n RIP: 0010:regulator_unregister\n Call Trace:\n \n regulator_unregister\n devres_release_group\n i2c_device_remove\n device_release_driver_internal\n bus_remove_device\n device_del\n device_unregister\n x86_android_tablet_remove\n\nOn the Lenovo Yoga Tablet 2 series the bq24190 charger chip also provides\na 5V boost converter output for powering USB devices connected to the micro\nUSB port, the bq24190-charger driver exports this as a Vbus regulator.\n\nOn the 830 (8\") and 1050 (\"10\") models this regulator is controlled by\na platform_device and x86_android_tablet_remove() removes platform_device-s\nbefore i2c_clients so the consumer gets removed first.\n\nBut on the 1380 (13\") model there is a lc824206xa micro-USB switch\nconnected over I2C and the extcon driver for that controls the regulator.\nThe bq24190 i2c-client *must* be registered first, because that creates\nthe regulator with the 
lc824206xa listed as its consumer. If the regulator\nhas not been registered yet the lc824206xa driver will end up getting\na dummy regulator.\n\nSince in this case both the regulator provider and consumer are I2C\ndevices, the only way to ensure that the consumer is unregistered first\nis to unregister the I2C devices in reverse order of in which they were\ncreated.\n\nFor consistency and to avoid similar problems in the future change\nx86_android_tablet_remove() to unregister all device types in reverse\norder.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":2.1, + "vectorString":"CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-40975" + }, + { + "cve":"CVE-2024-40977", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921s: fix potential hung tasks during chip recovery\n\nDuring 
chip recovery (e.g. chip reset), there is a possible situation that\nkernel worker reset_work is holding the lock and waiting for kernel thread\nstat_worker to be parked, while stat_worker is waiting for the release of\nthe same lock.\nIt causes a deadlock resulting in the dumping of hung tasks messages and\npossible rebooting of the device.\n\nThis patch prevents the execution of stat_worker during the chip recovery.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40977" + }, + { + "cve":"CVE-2024-40983", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: force a dst refcount before doing decryption\n\nAs it says in commit 3bc07321ccc2 (\"xfrm: Force a dst refcount before\nentering the xfrm type handlers\"):\n\n\"Crypto requests might return asynchronous. 
In this case we leave the\n rcu protected region, so force a refcount on the skb's destination\n entry before we enter the xfrm type input/output handlers.\"\n\nOn TIPC decryption path it has the same problem, and skb_dst_force()\nshould be called before doing decryption to avoid a possible crash.\n\nShuang reported this issue when this warning is triggered:\n\n [] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n [] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug\n [] Workqueue: crypto cryptd_queue_worker\n [] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n [] Call Trace:\n [] tipc_sk_mcast_rcv+0x548/0xea0 [tipc]\n [] tipc_rcv+0xcf5/0x1060 [tipc]\n [] tipc_aead_decrypt_done+0x215/0x2e0 [tipc]\n [] cryptd_aead_crypt+0xdb/0x190\n [] cryptd_queue_worker+0xed/0x190\n [] process_one_work+0x93d/0x17e0", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", 
+ "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + 
"details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40983" + }, + { + "cve":"CVE-2024-40984", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Revert \"ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.\"\n\nUndo the modifications made in commit d410ee5109a1 (\"ACPICA: avoid\n\"Info: mapping multiple BARs. Your kernel is fine.\"\"). The initial\npurpose of this commit was to stop memory mappings for operation\nregions from overlapping page boundaries, as it can trigger warnings\nif different page attributes are present.\n\nHowever, it was found that when this situation arises, mapping\ncontinues until the boundary's end, but there is still an attempt to\nread/write the entire length of the map, leading to a NULL pointer\ndeference. For example, if a four-byte mapping request is made but\nonly one byte is mapped because it hits the current page boundary's\nend, a four-byte read/write attempt is still made, resulting in a NULL\npointer deference.\n\nInstead, map the entire length, as the ACPI specification does not\nmandate that it must be within the same page boundary. 
It is\npermissible for it to be mapped across different regions.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40984" + }, + { + "cve":"CVE-2024-40987", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix UBSAN warning in kv_dpm.c\n\nAdds bounds check for sumo_vid_mapping_entry.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40987" + }, + { + "cve":"CVE-2024-41004", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Build event generation tests only as modules\n\nThe kprobes and synth event generation test modules add events and lock\n(get a reference) those event file reference in module init function,\nand unlock and delete it in module exit function. This is because those\nare designed for playing as modules.\n\nIf we make those modules as built-in, those events are left locked in the\nkernel, and never be removed. 
This causes kprobe event self-test failure\nas below.\n\n[ 97.349708] ------------[ cut here ]------------\n[ 97.353453] WARNING: CPU: 3 PID: 1 at kernel/trace/trace_kprobe.c:2133 kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.357106] Modules linked in:\n[ 97.358488] CPU: 3 PID: 1 Comm: swapper/0 Not tainted 6.9.0-g699646734ab5-dirty #14\n[ 97.361556] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n[ 97.363880] RIP: 0010:kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.365538] Code: a8 24 08 82 e9 ae fd ff ff 90 0f 0b 90 48 c7 c7 e5 aa 0b 82 e9 ee fc ff ff 90 0f 0b 90 48 c7 c7 2d 61 06 82 e9 8e fd ff ff 90 <0f> 0b 90 48 c7 c7 33 0b 0c 82 89 c6 e8 6e 03 1f ff 41 ff c7 e9 90\n[ 97.370429] RSP: 0000:ffffc90000013b50 EFLAGS: 00010286\n[ 97.371852] RAX: 00000000fffffff0 RBX: ffff888005919c00 RCX: 0000000000000000\n[ 97.373829] RDX: ffff888003f40000 RSI: ffffffff8236a598 RDI: ffff888003f40a68\n[ 97.375715] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n[ 97.377675] R10: ffffffff811c9ae5 R11: ffffffff8120c4e0 R12: 0000000000000000\n[ 97.379591] R13: 0000000000000001 R14: 0000000000000015 R15: 0000000000000000\n[ 97.381536] FS: 0000000000000000(0000) GS:ffff88807dcc0000(0000) knlGS:0000000000000000\n[ 97.383813] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 97.385449] CR2: 0000000000000000 CR3: 0000000002244000 CR4: 00000000000006b0\n[ 97.387347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 97.389277] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 97.391196] Call Trace:\n[ 97.391967] \n[ 97.392647] ? __warn+0xcc/0x180\n[ 97.393640] ? kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.395181] ? report_bug+0xbd/0x150\n[ 97.396234] ? handle_bug+0x3e/0x60\n[ 97.397311] ? exc_invalid_op+0x1a/0x50\n[ 97.398434] ? asm_exc_invalid_op+0x1a/0x20\n[ 97.399652] ? trace_kprobe_is_busy+0x20/0x20\n[ 97.400904] ? tracing_reset_all_online_cpus+0x15/0x90\n[ 97.402304] ? 
kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.403773] ? init_kprobe_trace+0x50/0x50\n[ 97.404972] do_one_initcall+0x112/0x240\n[ 97.406113] do_initcall_level+0x95/0xb0\n[ 97.407286] ? kernel_init+0x1a/0x1a0\n[ 97.408401] do_initcalls+0x3f/0x70\n[ 97.409452] kernel_init_freeable+0x16f/0x1e0\n[ 97.410662] ? rest_init+0x1f0/0x1f0\n[ 97.411738] kernel_init+0x1a/0x1a0\n[ 97.412788] ret_from_fork+0x39/0x50\n[ 97.413817] ? rest_init+0x1f0/0x1f0\n[ 97.414844] ret_from_fork_asm+0x11/0x20\n[ 97.416285] \n[ 97.417134] irq event stamp: 13437323\n[ 97.418376] hardirqs last enabled at (13437337): [] console_unlock+0x11c/0x150\n[ 97.421285] hardirqs last disabled at (13437370): [] console_unlock+0x101/0x150\n[ 97.423838] softirqs last enabled at (13437366): [] handle_softirqs+0x23f/0x2a0\n[ 97.426450] softirqs last disabled at (13437393): [] __irq_exit_rcu+0x66/0xd0\n[ 97.428850] ---[ end trace 0000000000000000 ]---\n\nAnd also, since we can not cleanup dynamic_event file, ftracetest are\nfailed too.\n\nTo avoid these issues, build these tests only as modules.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + 
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-41004" + }, + { + "cve":"CVE-2024-41005", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetpoll: Fix race condition in netpoll_owner_active\n\nKCSAN detected a race condition in netpoll:\n\n\tBUG: KCSAN: data-race in net_rx_action / netpoll_send_skb\n\twrite (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:\n\tnet_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)\n\n\tread to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:\n\tnetpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)\n\tnetpoll_send_udp (net/core/netpoll.c:?)\n\n\tvalue changed: 0x0000000a -> 0xffffffff\n\nThis happens because netpoll_owner_active() needs to check if the\ncurrent CPU is the owner of the lock, touching napi->poll_owner\nnon atomically. 
The ->poll_owner field contains the current CPU holding\nthe lock.\n\nUse an atomic read to check if the poll owner is the current CPU.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-41005" + }, + { + "cve":"CVE-2024-41007", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: avoid too many retransmit packets\n\nIf a TCP socket is using TCP_USER_TIMEOUT, and the other peer\nretracted its window to zero, tcp_retransmit_timer() can\nretransmit a packet every two jiffies (2 ms for HZ=1000),\nfor about 4 minutes after TCP_USER_TIMEOUT has 'expired'.\n\nThe fix is to make sure tcp_rtx_probe0_timed_out() takes\nicsk->icsk_user_timeout into account.\n\nBefore blamed commit, the socket would not timeout after\nicsk->icsk_user_timeout, but would use standard 
exponential\nbackoff for the retransmits.\n\nAlso worth noting that before commit e89688e3e978 (\"net: tcp:\nfix unexcepted socket die when snd_wnd is 0\"), the issue\nwould last 2 minutes instead of 4.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.3, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-41007" + }, + { + "cve":"CVE-2024-41009", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:bpf: Fix overrunning reservations in ringbufThe BPF ring buffer internally is implemented as a power-of-2 sized circularbuffer, with two logical and ever-increasing counters: consumer_pos is theconsumer counter to show which logical position the consumer consumed thedata, and producer_pos which is the producer counter denoting the amount ofdata reserved by all producers.Each time a record is reserved, the producer that owns 
the record willsuccessfully advance producer counter. In user space each time a record isread, the consumer of the data advanced the consumer counter once it finishedprocessing. Both counters are stored in separate pages so that from userspace, the producer counter is read-only and the consumer counter is read-write.One aspect that simplifies and thus speeds up the implementation of bothproducers and consumers is how the data area is mapped twice contiguouslyback-to-back in the virtual memory, allowing to not take any special measuresfor samples that have to wrap around at the end of the circular buffer dataarea, because the next page after the last data page would be first data pageagain, and thus the sample will still appear completely contiguous in virtualmemory.Each record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header forbook-keeping the length and offset, and is inaccessible to the BPF program.Helpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`for the BPF program to use. Bing-Jhong and Muhammad reported that it is howeverpossible to make a second allocated memory chunk overlapping with the firstchunk and as a result, the BPF program is now able to edit first chunk sheader.For example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with sizeof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call tobpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, letsallocate a chunk B with size 0x3000. This will succeed because consumer_poswas edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`check. Chunk B will be in range [0x3008,0x6010], and the BPF program is ableto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentionedearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same datapages. 
This means that chunk B at [0x4000,0x4008] is chunk A s header.bpf_ringbuf_submit() / bpf_ringbuf_discard() use the header s pg_off to thenlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunkB modified chunk A s header, then bpf_ringbuf_commit() refers to the wrongpage and could cause a crash.Fix it by calculating the oldest pending_pos and check whether the rangefrom the oldest outstanding record to the newest would span beyond the ringbuffer size. If that is the case, then reject the request. We ve tested withthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)before/after the fix and while it seems a bit slower on some benchmarks, itis still not significantly enough to matter.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + 
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + 
"title":"CVE-2024-41009"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1898.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1898.json
new file mode 100644
index 0000000..b9e3165
--- /dev/null
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1898.json
@@ -0,0 +1,1343 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"kernel security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for kernel is now available for openEuler-22.03-LTS-SP4", + "category":"general", + "title":"Summary" + }, + { + "text":"The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: seville: register the mdiobus under devres\n\nAs explained in commits:\n74b6d7d13307 (\"net: dsa: realtek: register the MDIO bus under devres\")\n5135e96a3dd2 (\"net: dsa: don't allocate the slave_mii_bus using devres\")\n\nmdiobus_free() will panic when called from devm_mdiobus_free() <-\ndevres_release_all() <- __device_release_driver(), and that mdiobus was\nnot previously unregistered.\n\nThe Seville VSC9959 switch is a platform device, so the initial set of\nconstraints that I thought would cause this (I2C or SPI buses which call\n->remove on ->shutdown) do not apply. 
But there is one more which\napplies here.\n\nIf the DSA master itself is on a bus that calls ->remove from ->shutdown\n(like dpaa2-eth, which is on the fsl-mc bus), there is a device link\nbetween the switch and the DSA master, and device_links_unbind_consumers()\nwill unbind the seville switch driver on shutdown.\n\nSo the same treatment must be applied to all DSA switch drivers, which\nis: either use devres for both the mdiobus allocation and registration,\nor don't use devres at all.\n\nThe seville driver has a code structure that could accommodate both the\nmdiobus_unregister and mdiobus_free calls, but it has an external\ndependency upon mscc_miim_setup() from mdio-mscc-miim.c, which calls\ndevm_mdiobus_alloc_size() on its behalf. So rather than restructuring\nthat, and exporting yet one more symbol mscc_miim_teardown(), let's work\nwith devres and replace of_mdiobus_register with the devres variant.\nWhen we use all-devres, we can ensure that devres doesn't free a\nstill-registered bus (it either runs both callbacks, or none).(CVE-2022-48814)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Handle error of rpc_proc_register() in nfs_net_init().\n\nsyzkaller reported a warning [0] triggered while destroying immature\nnetns.\n\nrpc_proc_register() was called in init_nfs_fs(), but its error\nhas been ignored since at least the initial commit 1da177e4c3f4\n(\"Linux-2.6.12-rc2\").\n\nRecently, commit d47151b79e32 (\"nfs: expose /proc/net/sunrpc/nfs\nin net namespaces\") converted the procfs to per-netns and made\nthe problem more visible.\n\nEven when rpc_proc_register() fails, nfs_net_init() could succeed,\nand thus nfs_net_exit() will be called while destroying the netns.\n\nThen, remove_proc_entry() will be called for non-existing proc\ndirectory and trigger the warning below.\n\nLet's handle the error of rpc_proc_register() properly in nfs_net_init().\n\n[0]:\nname 'nfs'\nWARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 
remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nModules linked in:\nCPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nCode: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff <0f> 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb\nRSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c\nRDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc\nR13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8\nFS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \n rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310\n nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438\n ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170\n setup_net+0x46c/0x660 net/core/net_namespace.c:372\n copy_net_ns+0x244/0x590 net/core/net_namespace.c:505\n create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228\n ksys_unshare+0x342/0x760 kernel/fork.c:3322\n __do_sys_unshare kernel/fork.c:3393 [inline]\n __se_sys_unshare kernel/fork.c:3391 [inline]\n __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\nRIP: 
0033:0x7f30d0febe5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110\nRAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600\nRBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002\nR13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000\n (CVE-2024-36939)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nUSB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages\n\nThe syzbot fuzzer found that the interrupt-URB completion callback in\nthe cdc-wdm driver was taking too long, and the driver's immediate\nresubmission of interrupt URBs with -EPROTO status combined with the\ndummy-hcd emulation to cause a CPU lockup:\n\ncdc_wdm 1-1:1.0: nonzero urb status received: -71\ncdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes\nwatchdog: BUG: soft lockup - CPU#0 stuck for 26s! 
[syz-executor782:6625]\nCPU#0 Utilization every 4s during lockup:\n\t#1: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#2: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#3: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#4: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#5: 98% system,\t 1% softirq,\t 3% hardirq,\t 0% idle\nModules linked in:\nirq event stamp: 73096\nhardirqs last enabled at (73095): [] console_emit_next_record kernel/printk/printk.c:2935 [inline]\nhardirqs last enabled at (73095): [] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994\nhardirqs last disabled at (73096): [] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\nhardirqs last disabled at (73096): [] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\nsoftirqs last enabled at (73048): [] softirq_handle_end kernel/softirq.c:400 [inline]\nsoftirqs last enabled at (73048): [] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582\nsoftirqs last disabled at (73043): [] __do_softirq+0x14/0x20 kernel/softirq.c:588\nCPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G W 6.10.0-rc2-syzkaller-g8867bbd4a056 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\n\nTesting showed that the problem did not occur if the two error\nmessages -- the first two lines above -- were removed; apparently adding\nmaterial to the kernel log takes a surprisingly large amount of time.\n\nIn any case, the best approach for preventing these lockups and to\navoid spamming the log with thousands of error messages per second is\nto ratelimit the two dev_err() calls. 
Therefore we replace them with\ndev_err_ratelimited().(CVE-2024-40904)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible race in __fib6_drop_pcpu_from()\n\nsyzbot found a race in __fib6_drop_pcpu_from() [1]\n\nIf compiler reads more than once (*ppcpu_rt),\nsecond read could read NULL, if another cpu clears\nthe value in rt6_get_pcpu_route().\n\nAdd a READ_ONCE() to prevent this race.\n\nAlso add rcu_read_lock()/rcu_read_unlock() because\nwe rely on RCU protection while dereferencing pcpu_rt.\n\n[1]\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097]\nCPU: 0 PID: 7543 Comm: kworker/u8:17 Not tainted 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nWorkqueue: netns cleanup_net\n RIP: 0010:__fib6_drop_pcpu_from.part.0+0x10a/0x370 net/ipv6/ip6_fib.c:984\nCode: f8 48 c1 e8 03 80 3c 28 00 0f 85 16 02 00 00 4d 8b 3f 4d 85 ff 74 31 e8 74 a7 fa f7 49 8d bf 90 00 00 00 48 89 f8 48 c1 e8 03 <80> 3c 28 00 0f 85 1e 02 00 00 49 8b 87 90 00 00 00 48 8b 0c 24 48\nRSP: 0018:ffffc900040df070 EFLAGS: 00010206\nRAX: 0000000000000012 RBX: 0000000000000001 RCX: ffffffff89932e16\nRDX: ffff888049dd1e00 RSI: ffffffff89932d7c RDI: 0000000000000091\nRBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000007\nR10: 0000000000000001 R11: 0000000000000006 R12: ffff88807fa080b8\nR13: fffffbfff1a9a07d R14: ffffed100ff41022 R15: 0000000000000001\nFS: 0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b32c26000 CR3: 000000005d56e000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n __fib6_drop_pcpu_from 
net/ipv6/ip6_fib.c:966 [inline]\n fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1027 [inline]\n fib6_purge_rt+0x7f2/0x9f0 net/ipv6/ip6_fib.c:1038\n fib6_del_route net/ipv6/ip6_fib.c:1998 [inline]\n fib6_del+0xa70/0x17b0 net/ipv6/ip6_fib.c:2043\n fib6_clean_node+0x426/0x5b0 net/ipv6/ip6_fib.c:2205\n fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2127\n fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2175\n fib6_clean_tree+0xd7/0x120 net/ipv6/ip6_fib.c:2255\n __fib6_clean_all+0x100/0x2d0 net/ipv6/ip6_fib.c:2271\n rt6_sync_down_dev net/ipv6/route.c:4906 [inline]\n rt6_disable_ip+0x7ed/0xa00 net/ipv6/route.c:4911\n addrconf_ifdown.isra.0+0x117/0x1b40 net/ipv6/addrconf.c:3855\n addrconf_notify+0x223/0x19e0 net/ipv6/addrconf.c:3778\n notifier_call_chain+0xb9/0x410 kernel/notifier.c:93\n call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1992\n call_netdevice_notifiers_extack net/core/dev.c:2030 [inline]\n call_netdevice_notifiers net/core/dev.c:2044 [inline]\n dev_close_many+0x333/0x6a0 net/core/dev.c:1585\n unregister_netdevice_many_notify+0x46d/0x19f0 net/core/dev.c:11193\n unregister_netdevice_many net/core/dev.c:11276 [inline]\n default_device_exit_batch+0x85b/0xae0 net/core/dev.c:11759\n ops_exit_list+0x128/0x180 net/core/net_namespace.c:178\n cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244(CVE-2024-40905)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for kernel is now available for openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of medium. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"kernel", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1898", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1898" + }, + { + "summary":"CVE-2022-48814", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48814&packageName=kernel" + }, + { + "summary":"CVE-2024-36939", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36939&packageName=kernel" + }, + { + "summary":"CVE-2024-40904", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40904&packageName=kernel" + }, + { + "summary":"CVE-2024-40905", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40905&packageName=kernel" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48814" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36939" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40904" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40905" + }, + { + "summary":"openEuler-SA-2024-1898 vex file", + "category":"self", + 
"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1898.json" + } + ], + "title":"An update for kernel is now available for openEuler-22.03-LTS-SP4", + "tracking":{ + "initial_release_date":"2024-07-26T20:58:48+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:58:48+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date": "2024-07-27T10:35:00+08:00", + "summary": "final", + "number": "2.0.0" + } + ], + "generator":{ + "date":"2024-07-27T10:35:00+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-27T10:35:00+08:00", + "id":"openEuler-SA-2024-1898", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"openEuler-22.03-LTS-SP4", + "name":"openEuler-22.03-LTS-SP4" + }, + "name":"openEuler-22.03-LTS-SP4", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"bpftool-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "name":"bpftool-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm" + }, + "name":"bpftool-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "name":"bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm" + }, + "name":"bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"kernel-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "name":"kernel-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm" + }, + "name":"kernel-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "name":"kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm" + }, + "name":"kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "name":"kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm" + }, + "name":"kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"kernel-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "name":"kernel-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm" + }, + "name":"kernel-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"kernel-headers-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "name":"kernel-headers-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm" + }, + "name":"kernel-headers-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"kernel-source-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "name":"kernel-source-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm" + }, + 
"name":"kernel-source-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"kernel-tools-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "name":"kernel-tools-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm" + }, + "name":"kernel-tools-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "name":"kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm" + }, + "name":"kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "name":"kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm" + }, + "name":"kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"perf-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "name":"perf-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm" + }, + "name":"perf-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "name":"perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm" + }, + "name":"perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"python3-perf-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "name":"python3-perf-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm" + }, + "name":"python3-perf-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "name":"python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm" + }, + "name":"python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"bpftool-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "name":"bpftool-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm" + }, + "name":"bpftool-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "name":"bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm" + }, + "name":"bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"kernel-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "name":"kernel-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm" + }, + "name":"kernel-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + 
"name":"kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm" + }, + "name":"kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "name":"kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm" + }, + "name":"kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"kernel-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "name":"kernel-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm" + }, + "name":"kernel-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"kernel-headers-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "name":"kernel-headers-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm" + }, + "name":"kernel-headers-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"kernel-source-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "name":"kernel-source-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm" + }, + "name":"kernel-source-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"kernel-tools-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "name":"kernel-tools-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm" + }, + "name":"kernel-tools-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + 
"product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "name":"kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm" + }, + "name":"kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "name":"kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm" + }, + "name":"kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"perf-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "name":"perf-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm" + }, + "name":"perf-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "name":"perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm" + }, + "name":"perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"python3-perf-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "name":"python3-perf-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm" + }, + "name":"python3-perf-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + 
"name":"python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm" + }, + "name":"python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"kernel-5.10.0-220.0.0.119.oe2203sp4.src.rpm", + "name":"kernel-5.10.0-220.0.0.119.oe2203sp4.src.rpm" + }, + "name":"kernel-5.10.0-220.0.0.119.oe2203sp4.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"bpftool-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:bpftool-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "name":"bpftool-5.10.0-220.0.0.119.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "name":"bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"kernel-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "name":"kernel-5.10.0-220.0.0.119.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + 
"product_reference":"kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "name":"kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "name":"kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"kernel-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "name":"kernel-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"kernel-headers-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "name":"kernel-headers-5.10.0-220.0.0.119.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"kernel-source-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "name":"kernel-source-5.10.0-220.0.0.119.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + 
"category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"kernel-tools-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "name":"kernel-tools-5.10.0-220.0.0.119.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "name":"kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "name":"kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"perf-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:perf-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "name":"perf-5.10.0-220.0.0.119.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + 
"name":"perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"python3-perf-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "name":"python3-perf-5.10.0-220.0.0.119.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "name":"python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"bpftool-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:bpftool-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "name":"bpftool-5.10.0-220.0.0.119.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "name":"bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"kernel-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "name":"kernel-5.10.0-220.0.0.119.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "name":"kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "name":"kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"kernel-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "name":"kernel-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"kernel-headers-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "name":"kernel-headers-5.10.0-220.0.0.119.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + 
"product_reference":"kernel-source-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "name":"kernel-source-5.10.0-220.0.0.119.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"kernel-tools-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "name":"kernel-tools-5.10.0-220.0.0.119.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "name":"kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "name":"kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"perf-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:perf-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "name":"perf-5.10.0-220.0.0.119.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "name":"perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"python3-perf-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "name":"python3-perf-5.10.0-220.0.0.119.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "name":"python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"kernel-5.10.0-220.0.0.119.oe2203sp4.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.src", + "name":"kernel-5.10.0-220.0.0.119.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2022-48814", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: seville: register the mdiobus under devres\n\nAs explained in commits:\n74b6d7d13307 (\"net: dsa: realtek: register the MDIO bus under devres\")\n5135e96a3dd2 (\"net: dsa: don't allocate the slave_mii_bus 
using devres\")\n\nmdiobus_free() will panic when called from devm_mdiobus_free() <-\ndevres_release_all() <- __device_release_driver(), and that mdiobus was\nnot previously unregistered.\n\nThe Seville VSC9959 switch is a platform device, so the initial set of\nconstraints that I thought would cause this (I2C or SPI buses which call\n->remove on ->shutdown) do not apply. But there is one more which\napplies here.\n\nIf the DSA master itself is on a bus that calls ->remove from ->shutdown\n(like dpaa2-eth, which is on the fsl-mc bus), there is a device link\nbetween the switch and the DSA master, and device_links_unbind_consumers()\nwill unbind the seville switch driver on shutdown.\n\nSo the same treatment must be applied to all DSA switch drivers, which\nis: either use devres for both the mdiobus allocation and registration,\nor don't use devres at all.\n\nThe seville driver has a code structure that could accommodate both the\nmdiobus_unregister and mdiobus_free calls, but it has an external\ndependency upon mscc_miim_setup() from mdio-mscc-miim.c, which calls\ndevm_mdiobus_alloc_size() on its behalf. 
So rather than restructuring\nthat, and exporting yet one more symbol mscc_miim_teardown(), let's work\nwith devres and replace of_mdiobus_register with the devres variant.\nWhen we use all-devres, we can ensure that devres doesn't free a\nstill-registered bus (it either runs both callbacks, or none).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:bpftool-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:perf-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:bpftool-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + 
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:perf-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:bpftool-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:perf-5.10.0-220.0.0.119.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:bpftool-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:perf-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.src" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1898" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:bpftool-5.10.0-220.0.0.119.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:perf-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:bpftool-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + 
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:perf-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2022-48814" + }, + { + "cve":"CVE-2024-36939", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Handle error of rpc_proc_register() in nfs_net_init().\n\nsyzkaller reported a warning [0] triggered while destroying immature\nnetns.\n\nrpc_proc_register() was called in init_nfs_fs(), but its error\nhas been ignored since at least the initial commit 1da177e4c3f4\n(\"Linux-2.6.12-rc2\").\n\nRecently, commit d47151b79e32 (\"nfs: expose /proc/net/sunrpc/nfs\nin net namespaces\") converted the procfs to per-netns and made\nthe problem more visible.\n\nEven when rpc_proc_register() fails, nfs_net_init() could succeed,\nand thus nfs_net_exit() will be called while destroying the netns.\n\nThen, remove_proc_entry() will be called for non-existing proc\ndirectory and trigger the warning below.\n\nLet's handle the error of rpc_proc_register() properly in nfs_net_init().\n\n[0]:\nname 'nfs'\nWARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nModules linked in:\nCPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nCode: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 
de 1b 80 84 e8 c5 ad 97 ff <0f> 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb\nRSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c\nRDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc\nR13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8\nFS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \n rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310\n nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438\n ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170\n setup_net+0x46c/0x660 net/core/net_namespace.c:372\n copy_net_ns+0x244/0x590 net/core/net_namespace.c:505\n create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228\n ksys_unshare+0x342/0x760 kernel/fork.c:3322\n __do_sys_unshare kernel/fork.c:3393 [inline]\n __se_sys_unshare kernel/fork.c:3391 [inline]\n __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\nRIP: 0033:0x7f30d0febe5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110\nRAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600\nRBP: 
00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002\nR13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000\n ", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:bpftool-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:perf-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:bpftool-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + 
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:perf-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:bpftool-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:perf-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-220.0.0.119.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:bpftool-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:perf-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.src" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1898" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.6, + "vectorString":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:bpftool-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:perf-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:bpftool-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:perf-5.10.0-220.0.0.119.oe2203sp4.x86_64", + 
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-36939" + }, + { + "cve":"CVE-2024-40904", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages\n\nThe syzbot fuzzer found that the interrupt-URB completion callback in\nthe cdc-wdm driver was taking too long, and the driver's immediate\nresubmission of interrupt URBs with -EPROTO status combined with the\ndummy-hcd emulation to cause a CPU lockup:\n\ncdc_wdm 1-1:1.0: nonzero urb status received: -71\ncdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes\nwatchdog: BUG: soft lockup - CPU#0 stuck for 26s! 
[syz-executor782:6625]\nCPU#0 Utilization every 4s during lockup:\n\t#1: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#2: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#3: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#4: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#5: 98% system,\t 1% softirq,\t 3% hardirq,\t 0% idle\nModules linked in:\nirq event stamp: 73096\nhardirqs last enabled at (73095): [] console_emit_next_record kernel/printk/printk.c:2935 [inline]\nhardirqs last enabled at (73095): [] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994\nhardirqs last disabled at (73096): [] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\nhardirqs last disabled at (73096): [] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\nsoftirqs last enabled at (73048): [] softirq_handle_end kernel/softirq.c:400 [inline]\nsoftirqs last enabled at (73048): [] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582\nsoftirqs last disabled at (73043): [] __do_softirq+0x14/0x20 kernel/softirq.c:588\nCPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G W 6.10.0-rc2-syzkaller-g8867bbd4a056 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\n\nTesting showed that the problem did not occur if the two error\nmessages -- the first two lines above -- were removed; apparently adding\nmaterial to the kernel log takes a surprisingly large amount of time.\n\nIn any case, the best approach for preventing these lockups and to\navoid spamming the log with thousands of error messages per second is\nto ratelimit the two dev_err() calls. 
Therefore we replace them with\ndev_err_ratelimited().", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:bpftool-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:perf-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:bpftool-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-220.0.0.119.oe2203sp4.x86_64", + 
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:perf-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:bpftool-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:perf-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:perf-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.src" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1898" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:bpftool-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:perf-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:bpftool-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:perf-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + 
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40904" + }, + { + "cve":"CVE-2024-40905", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible race in __fib6_drop_pcpu_from()\n\nsyzbot found a race in __fib6_drop_pcpu_from() [1]\n\nIf compiler reads more than once (*ppcpu_rt),\nsecond read could read NULL, if another cpu clears\nthe value in rt6_get_pcpu_route().\n\nAdd a READ_ONCE() to prevent this race.\n\nAlso add rcu_read_lock()/rcu_read_unlock() because\nwe rely on RCU protection while dereferencing pcpu_rt.\n\n[1]\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097]\nCPU: 0 PID: 7543 Comm: kworker/u8:17 Not tainted 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nWorkqueue: netns cleanup_net\n RIP: 0010:__fib6_drop_pcpu_from.part.0+0x10a/0x370 net/ipv6/ip6_fib.c:984\nCode: f8 48 c1 e8 03 80 3c 28 00 0f 85 16 02 00 00 4d 8b 3f 4d 85 ff 74 31 e8 74 a7 fa f7 49 8d bf 90 00 00 00 48 89 f8 48 c1 e8 03 <80> 3c 28 00 0f 85 1e 02 00 00 49 8b 87 90 00 00 00 48 8b 0c 24 48\nRSP: 0018:ffffc900040df070 EFLAGS: 00010206\nRAX: 0000000000000012 RBX: 0000000000000001 RCX: ffffffff89932e16\nRDX: ffff888049dd1e00 RSI: ffffffff89932d7c RDI: 0000000000000091\nRBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000007\nR10: 0000000000000001 R11: 0000000000000006 R12: ffff88807fa080b8\nR13: fffffbfff1a9a07d R14: ffffed100ff41022 R15: 0000000000000001\nFS: 0000000000000000(0000) GS:ffff8880b9200000(0000) 
knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b32c26000 CR3: 000000005d56e000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n __fib6_drop_pcpu_from net/ipv6/ip6_fib.c:966 [inline]\n fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1027 [inline]\n fib6_purge_rt+0x7f2/0x9f0 net/ipv6/ip6_fib.c:1038\n fib6_del_route net/ipv6/ip6_fib.c:1998 [inline]\n fib6_del+0xa70/0x17b0 net/ipv6/ip6_fib.c:2043\n fib6_clean_node+0x426/0x5b0 net/ipv6/ip6_fib.c:2205\n fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2127\n fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2175\n fib6_clean_tree+0xd7/0x120 net/ipv6/ip6_fib.c:2255\n __fib6_clean_all+0x100/0x2d0 net/ipv6/ip6_fib.c:2271\n rt6_sync_down_dev net/ipv6/route.c:4906 [inline]\n rt6_disable_ip+0x7ed/0xa00 net/ipv6/route.c:4911\n addrconf_ifdown.isra.0+0x117/0x1b40 net/ipv6/addrconf.c:3855\n addrconf_notify+0x223/0x19e0 net/ipv6/addrconf.c:3778\n notifier_call_chain+0xb9/0x410 kernel/notifier.c:93\n call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1992\n call_netdevice_notifiers_extack net/core/dev.c:2030 [inline]\n call_netdevice_notifiers net/core/dev.c:2044 [inline]\n dev_close_many+0x333/0x6a0 net/core/dev.c:1585\n unregister_netdevice_many_notify+0x46d/0x19f0 net/core/dev.c:11193\n unregister_netdevice_many net/core/dev.c:11276 [inline]\n default_device_exit_batch+0x85b/0xae0 net/core/dev.c:11759\n ops_exit_list+0x128/0x180 net/core/net_namespace.c:178\n cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244", + "category":"description", + 
"title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:bpftool-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:perf-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:bpftool-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-220.0.0.119.oe2203sp4.x86_64", 
+ "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:perf-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:bpftool-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:perf-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:bpftool-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + 
"openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:perf-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.src" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1898" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:bpftool-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:perf-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:bpftool-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:perf-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:kernel-5.10.0-220.0.0.119.oe2203sp4.src" + 
] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40905" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1899.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1899.json new file mode 100644 index 0000000..86f91ce --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1899.json 
@@ -0,0 +1,253 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"dnsjava security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for dnsjava is now available for openEuler-24.03-LTS", + "category":"general", + "title":"Summary" + }, + { + "text":"dnsjava is an implementation of DNS in Java. It supports all of the common record types and the DNSSEC types. It can be used for queries, zone transfers, and dynamic updates. It includes a cache which can be used by clients, and a minimal implementation of a server. It supports TSIG authenticated messages, partial DNSSEC verification, and EDNS0. dnsjava provides functionality above and beyond that of the InetAddress class. Since it is written in pure Java, dnsjava is fully threadable, and in many cases is faster than using InetAddress. dnsjava provides both high and low level access to DNS. The high level functions perform queries for records of a given name, type, and class, and return an array of records. There is also a clone of InetAddress, which is even simpler. A cache is used to reduce the number of DNS queries sent. The low level functions allow direct manipulation of dns messages and records, as well as allowing additional resolver properties to be set. A 'dig' clone and a dynamic update program are included, as well as a primary-only server.\n\nSecurity Fix(es):\n\ndnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. 
This vulnerability is fixed in 3.6.0.(CVE-2024-25638)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for dnsjava is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"dnsjava", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1899", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1899" + }, + { + "summary":"CVE-2024-25638", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-25638&packageName=dnsjava" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25638" + }, + { + "summary":"openEuler-SA-2024-1899 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1899.json" + } + ], + "title":"An update for dnsjava is now available for openEuler-24.03-LTS", + "tracking":{ + "initial_release_date":"2024-07-26T20:58:50+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:58:50+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:58:50+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-26T20:58:50+08:00", + "id":"openEuler-SA-2024-1899", + 
"version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openEuler-24.03-LTS", + "name":"openEuler-24.03-LTS" + }, + "name":"openEuler-24.03-LTS", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"noarch", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"dnsjava-3.5.3-2.oe2403.noarch.rpm", + "name":"dnsjava-3.5.3-2.oe2403.noarch.rpm" + }, + "name":"dnsjava-3.5.3-2.oe2403.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"dnsjava-javadoc-3.5.3-2.oe2403.noarch.rpm", + "name":"dnsjava-javadoc-3.5.3-2.oe2403.noarch.rpm" + }, + "name":"dnsjava-javadoc-3.5.3-2.oe2403.noarch.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"dnsjava-3.5.3-2.oe2403.src.rpm", + "name":"dnsjava-3.5.3-2.oe2403.src.rpm" + }, + "name":"dnsjava-3.5.3-2.oe2403.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"dnsjava-3.5.3-2.oe2403.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:dnsjava-3.5.3-2.oe2403.noarch", + "name":"dnsjava-3.5.3-2.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"dnsjava-javadoc-3.5.3-2.oe2403.noarch.rpm", + 
"full_product_name":{ + "product_id":"openEuler-24.03-LTS:dnsjava-javadoc-3.5.3-2.oe2403.noarch", + "name":"dnsjava-javadoc-3.5.3-2.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"dnsjava-3.5.3-2.oe2403.src.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:dnsjava-3.5.3-2.oe2403.src", + "name":"dnsjava-3.5.3-2.oe2403.src as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-25638", + "notes":[ + { + "text":"dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:dnsjava-3.5.3-2.oe2403.noarch", + "openEuler-24.03-LTS:dnsjava-javadoc-3.5.3-2.oe2403.noarch", + "openEuler-24.03-LTS:dnsjava-3.5.3-2.oe2403.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:dnsjava-3.5.3-2.oe2403.noarch", + "openEuler-24.03-LTS:dnsjava-javadoc-3.5.3-2.oe2403.noarch", + "openEuler-24.03-LTS:dnsjava-3.5.3-2.oe2403.src" + ], + "details":"dnsjava security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1899" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":8.9, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:dnsjava-3.5.3-2.oe2403.noarch", + "openEuler-24.03-LTS:dnsjava-javadoc-3.5.3-2.oe2403.noarch", + "openEuler-24.03-LTS:dnsjava-3.5.3-2.oe2403.src" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2024-25638" + 
} + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1900.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1900.json new file mode 100644 index 0000000..103f8e0 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1900.json 
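Review bot: The `product_identification_helper` on the three dnsjava package branches (`dnsjava-3.5.3-2.oe2403.noarch.rpm`, the `-javadoc` package and the `.src.rpm`) carries `cpe:/a:openEuler:openEuler:24.03-LTS`, the same CPE as the openEuler-24.03-LTS product itself. A consumer that matches assets by CPE then cannot tell the package from the distribution, and could read the `fixed` status for CVE-2024-25638 as applying to the whole release. The helper should identify the package itself (CSAF 2.0 also accepts a `purl` entry there) or be left off the package branches. Separately, `"url":"https:/www.first.org/tlp/"` under `distribution.tlp` is missing a slash and should read `"url":"https://www.first.org/tlp/"`. Both values recur in the SA-2024-1900 hunk that starts on the next line, so the fix presumably belongs in the generator named in `tracking.generator` rather than in the individual files.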
@@ -0,0 +1,443 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"busybox security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for busybox is now available for openEuler-22.03-LTS-SP3", + "category":"general", + "title":"Summary" + }, + { + "text":"BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system.\n\nSecurity Fix(es):\n\nA use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.(CVE-2023-42363)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for busybox is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of medium. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"busybox", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1900", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1900" + }, + { + "summary":"CVE-2023-42363", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-42363&packageName=busybox" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42363" + }, + { + "summary":"openEuler-SA-2024-1900 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1900.json" + } + ], + "title":"An update for busybox is now available for openEuler-22.03-LTS-SP3", + "tracking":{ + "initial_release_date":"2024-07-26T20:58:51+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:58:51+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:58:51+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-26T20:58:51+08:00", + "id":"openEuler-SA-2024-1900", + "version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openEuler-22.03-LTS-SP3", + "name":"openEuler-22.03-LTS-SP3" + }, + "name":"openEuler-22.03-LTS-SP3", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"busybox-1.34.1-21.oe2203sp3.aarch64.rpm", + "name":"busybox-1.34.1-21.oe2203sp3.aarch64.rpm" + }, + "name":"busybox-1.34.1-21.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"busybox-debuginfo-1.34.1-21.oe2203sp3.aarch64.rpm", + "name":"busybox-debuginfo-1.34.1-21.oe2203sp3.aarch64.rpm" + }, + "name":"busybox-debuginfo-1.34.1-21.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"busybox-debugsource-1.34.1-21.oe2203sp3.aarch64.rpm", + "name":"busybox-debugsource-1.34.1-21.oe2203sp3.aarch64.rpm" + }, + "name":"busybox-debugsource-1.34.1-21.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"busybox-help-1.34.1-21.oe2203sp3.aarch64.rpm", + "name":"busybox-help-1.34.1-21.oe2203sp3.aarch64.rpm" + }, + "name":"busybox-help-1.34.1-21.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"busybox-petitboot-1.34.1-21.oe2203sp3.aarch64.rpm", + "name":"busybox-petitboot-1.34.1-21.oe2203sp3.aarch64.rpm" + }, + "name":"busybox-petitboot-1.34.1-21.oe2203sp3.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + 
"name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"busybox-1.34.1-21.oe2203sp3.src.rpm", + "name":"busybox-1.34.1-21.oe2203sp3.src.rpm" + }, + "name":"busybox-1.34.1-21.oe2203sp3.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"busybox-1.34.1-21.oe2203sp3.x86_64.rpm", + "name":"busybox-1.34.1-21.oe2203sp3.x86_64.rpm" + }, + "name":"busybox-1.34.1-21.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"busybox-debuginfo-1.34.1-21.oe2203sp3.x86_64.rpm", + "name":"busybox-debuginfo-1.34.1-21.oe2203sp3.x86_64.rpm" + }, + "name":"busybox-debuginfo-1.34.1-21.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"busybox-debugsource-1.34.1-21.oe2203sp3.x86_64.rpm", + "name":"busybox-debugsource-1.34.1-21.oe2203sp3.x86_64.rpm" + }, + "name":"busybox-debugsource-1.34.1-21.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"busybox-help-1.34.1-21.oe2203sp3.x86_64.rpm", + "name":"busybox-help-1.34.1-21.oe2203sp3.x86_64.rpm" + }, + "name":"busybox-help-1.34.1-21.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"busybox-petitboot-1.34.1-21.oe2203sp3.x86_64.rpm", + "name":"busybox-petitboot-1.34.1-21.oe2203sp3.x86_64.rpm" + }, + 
"name":"busybox-petitboot-1.34.1-21.oe2203sp3.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"busybox-1.34.1-21.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:busybox-1.34.1-21.oe2203sp3.aarch64", + "name":"busybox-1.34.1-21.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"busybox-debuginfo-1.34.1-21.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:busybox-debuginfo-1.34.1-21.oe2203sp3.aarch64", + "name":"busybox-debuginfo-1.34.1-21.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"busybox-debugsource-1.34.1-21.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:busybox-debugsource-1.34.1-21.oe2203sp3.aarch64", + "name":"busybox-debugsource-1.34.1-21.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"busybox-help-1.34.1-21.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:busybox-help-1.34.1-21.oe2203sp3.aarch64", + "name":"busybox-help-1.34.1-21.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"busybox-petitboot-1.34.1-21.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:busybox-petitboot-1.34.1-21.oe2203sp3.aarch64", + 
"name":"busybox-petitboot-1.34.1-21.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"busybox-1.34.1-21.oe2203sp3.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:busybox-1.34.1-21.oe2203sp3.src", + "name":"busybox-1.34.1-21.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"busybox-1.34.1-21.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:busybox-1.34.1-21.oe2203sp3.x86_64", + "name":"busybox-1.34.1-21.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"busybox-debuginfo-1.34.1-21.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:busybox-debuginfo-1.34.1-21.oe2203sp3.x86_64", + "name":"busybox-debuginfo-1.34.1-21.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"busybox-debugsource-1.34.1-21.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:busybox-debugsource-1.34.1-21.oe2203sp3.x86_64", + "name":"busybox-debugsource-1.34.1-21.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"busybox-help-1.34.1-21.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:busybox-help-1.34.1-21.oe2203sp3.x86_64", + "name":"busybox-help-1.34.1-21.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + 
"category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"busybox-petitboot-1.34.1-21.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:busybox-petitboot-1.34.1-21.oe2203sp3.x86_64", + "name":"busybox-petitboot-1.34.1-21.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2023-42363", + "notes":[ + { + "text":"A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:busybox-1.34.1-21.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:busybox-debuginfo-1.34.1-21.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:busybox-debugsource-1.34.1-21.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:busybox-help-1.34.1-21.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:busybox-petitboot-1.34.1-21.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:busybox-1.34.1-21.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:busybox-1.34.1-21.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:busybox-debuginfo-1.34.1-21.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:busybox-debugsource-1.34.1-21.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:busybox-help-1.34.1-21.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:busybox-petitboot-1.34.1-21.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:busybox-1.34.1-21.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:busybox-debuginfo-1.34.1-21.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:busybox-debugsource-1.34.1-21.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:busybox-help-1.34.1-21.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:busybox-petitboot-1.34.1-21.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:busybox-1.34.1-21.oe2203sp3.src", + 
"openEuler-22.03-LTS-SP3:busybox-1.34.1-21.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:busybox-debuginfo-1.34.1-21.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:busybox-debugsource-1.34.1-21.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:busybox-help-1.34.1-21.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:busybox-petitboot-1.34.1-21.oe2203sp3.x86_64" + ], + "details":"busybox security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1900" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:busybox-1.34.1-21.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:busybox-debuginfo-1.34.1-21.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:busybox-debugsource-1.34.1-21.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:busybox-help-1.34.1-21.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:busybox-petitboot-1.34.1-21.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:busybox-1.34.1-21.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:busybox-1.34.1-21.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:busybox-debuginfo-1.34.1-21.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:busybox-debugsource-1.34.1-21.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:busybox-help-1.34.1-21.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:busybox-petitboot-1.34.1-21.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2023-42363" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1901.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1901.json new file mode 100644 index 0000000..7f12fe9 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1901.json 
@@ -0,0 +1,443 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"busybox security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for busybox is now available for openEuler-20.03-LTS-SP4", + "category":"general", + "title":"Summary" + }, + { + "text":"BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system.\n\nSecurity Fix(es):\n\nA use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.(CVE-2023-42363)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for busybox is now available for openEuler-20.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of medium. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"busybox", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1901", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1901" + }, + { + "summary":"CVE-2023-42363", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-42363&packageName=busybox" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42363" + }, + { + "summary":"openEuler-SA-2024-1901 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1901.json" + } + ], + "title":"An update for busybox is now available for openEuler-20.03-LTS-SP4", + "tracking":{ + "initial_release_date":"2024-07-26T20:58:52+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:58:52+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:58:52+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-26T20:58:52+08:00", + "id":"openEuler-SA-2024-1901", + "version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"openEuler-20.03-LTS-SP4", + "name":"openEuler-20.03-LTS-SP4" + }, + "name":"openEuler-20.03-LTS-SP4", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"busybox-1.31.1-22.oe2003sp4.aarch64.rpm", + "name":"busybox-1.31.1-22.oe2003sp4.aarch64.rpm" + }, + "name":"busybox-1.31.1-22.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"busybox-debuginfo-1.31.1-22.oe2003sp4.aarch64.rpm", + "name":"busybox-debuginfo-1.31.1-22.oe2003sp4.aarch64.rpm" + }, + "name":"busybox-debuginfo-1.31.1-22.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"busybox-debugsource-1.31.1-22.oe2003sp4.aarch64.rpm", + "name":"busybox-debugsource-1.31.1-22.oe2003sp4.aarch64.rpm" + }, + "name":"busybox-debugsource-1.31.1-22.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"busybox-help-1.31.1-22.oe2003sp4.aarch64.rpm", + "name":"busybox-help-1.31.1-22.oe2003sp4.aarch64.rpm" + }, + "name":"busybox-help-1.31.1-22.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"busybox-petitboot-1.31.1-22.oe2003sp4.aarch64.rpm", + "name":"busybox-petitboot-1.31.1-22.oe2003sp4.aarch64.rpm" + }, + "name":"busybox-petitboot-1.31.1-22.oe2003sp4.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + 
"name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"busybox-1.31.1-22.oe2003sp4.src.rpm", + "name":"busybox-1.31.1-22.oe2003sp4.src.rpm" + }, + "name":"busybox-1.31.1-22.oe2003sp4.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"busybox-1.31.1-22.oe2003sp4.x86_64.rpm", + "name":"busybox-1.31.1-22.oe2003sp4.x86_64.rpm" + }, + "name":"busybox-1.31.1-22.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"busybox-debuginfo-1.31.1-22.oe2003sp4.x86_64.rpm", + "name":"busybox-debuginfo-1.31.1-22.oe2003sp4.x86_64.rpm" + }, + "name":"busybox-debuginfo-1.31.1-22.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"busybox-debugsource-1.31.1-22.oe2003sp4.x86_64.rpm", + "name":"busybox-debugsource-1.31.1-22.oe2003sp4.x86_64.rpm" + }, + "name":"busybox-debugsource-1.31.1-22.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"busybox-help-1.31.1-22.oe2003sp4.x86_64.rpm", + "name":"busybox-help-1.31.1-22.oe2003sp4.x86_64.rpm" + }, + "name":"busybox-help-1.31.1-22.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"busybox-petitboot-1.31.1-22.oe2003sp4.x86_64.rpm", + "name":"busybox-petitboot-1.31.1-22.oe2003sp4.x86_64.rpm" + }, + 
"name":"busybox-petitboot-1.31.1-22.oe2003sp4.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"busybox-1.31.1-22.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:busybox-1.31.1-22.oe2003sp4.aarch64", + "name":"busybox-1.31.1-22.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"busybox-debuginfo-1.31.1-22.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:busybox-debuginfo-1.31.1-22.oe2003sp4.aarch64", + "name":"busybox-debuginfo-1.31.1-22.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"busybox-debugsource-1.31.1-22.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:busybox-debugsource-1.31.1-22.oe2003sp4.aarch64", + "name":"busybox-debugsource-1.31.1-22.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"busybox-help-1.31.1-22.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:busybox-help-1.31.1-22.oe2003sp4.aarch64", + "name":"busybox-help-1.31.1-22.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"busybox-petitboot-1.31.1-22.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:busybox-petitboot-1.31.1-22.oe2003sp4.aarch64", + 
"name":"busybox-petitboot-1.31.1-22.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"busybox-1.31.1-22.oe2003sp4.src.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:busybox-1.31.1-22.oe2003sp4.src", + "name":"busybox-1.31.1-22.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"busybox-1.31.1-22.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:busybox-1.31.1-22.oe2003sp4.x86_64", + "name":"busybox-1.31.1-22.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"busybox-debuginfo-1.31.1-22.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:busybox-debuginfo-1.31.1-22.oe2003sp4.x86_64", + "name":"busybox-debuginfo-1.31.1-22.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"busybox-debugsource-1.31.1-22.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:busybox-debugsource-1.31.1-22.oe2003sp4.x86_64", + "name":"busybox-debugsource-1.31.1-22.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"busybox-help-1.31.1-22.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:busybox-help-1.31.1-22.oe2003sp4.x86_64", + "name":"busybox-help-1.31.1-22.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + 
"category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"busybox-petitboot-1.31.1-22.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:busybox-petitboot-1.31.1-22.oe2003sp4.x86_64", + "name":"busybox-petitboot-1.31.1-22.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2023-42363", + "notes":[ + { + "text":"A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:busybox-1.31.1-22.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:busybox-debuginfo-1.31.1-22.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:busybox-debugsource-1.31.1-22.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:busybox-help-1.31.1-22.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:busybox-petitboot-1.31.1-22.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:busybox-1.31.1-22.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:busybox-1.31.1-22.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:busybox-debuginfo-1.31.1-22.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:busybox-debugsource-1.31.1-22.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:busybox-help-1.31.1-22.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:busybox-petitboot-1.31.1-22.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:busybox-1.31.1-22.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:busybox-debuginfo-1.31.1-22.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:busybox-debugsource-1.31.1-22.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:busybox-help-1.31.1-22.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:busybox-petitboot-1.31.1-22.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:busybox-1.31.1-22.oe2003sp4.src", + 
"openEuler-20.03-LTS-SP4:busybox-1.31.1-22.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:busybox-debuginfo-1.31.1-22.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:busybox-debugsource-1.31.1-22.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:busybox-help-1.31.1-22.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:busybox-petitboot-1.31.1-22.oe2003sp4.x86_64" + ], + "details":"busybox security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1901" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:busybox-1.31.1-22.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:busybox-debuginfo-1.31.1-22.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:busybox-debugsource-1.31.1-22.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:busybox-help-1.31.1-22.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:busybox-petitboot-1.31.1-22.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:busybox-1.31.1-22.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:busybox-1.31.1-22.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:busybox-debuginfo-1.31.1-22.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:busybox-debugsource-1.31.1-22.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:busybox-help-1.31.1-22.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:busybox-petitboot-1.31.1-22.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2023-42363" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1902.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1902.json new file mode 100644 index 0000000..85880da --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1902.json 
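Review bot: The `distribution.tlp.url` value at the top of this advisory is `https:/www.first.org/tlp/`, with a single slash after the scheme, so it reads as a URI with no host and does not point at the FIRST TLP definition; it should be `"url":"https://www.first.org/tlp/"`. The same value appears in the SA-2024-1902 and SA-2024-1903 hunks, which suggests the fix belongs in the generator template rather than in each file. Separately, every package branch under `product_tree` carries the distribution CPE (`cpe:/a:openEuler:openEuler:20.03-LTS-SP4` here) as its `product_identification_helper`, so a consumer that matches on that helper cannot tell the busybox packages from the base OS. Omitting the helper on package branches, or supplying a package-level identifier, would avoid that. The Topic note also misspells "Vulnerability" as "Vunlnerability".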
@@ -0,0 +1,443 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"busybox security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for busybox is now available for openEuler-24.03-LTS", + "category":"general", + "title":"Summary" + }, + { + "text":"BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system.\n\nSecurity Fix(es):\n\nA use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.(CVE-2023-42363)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for busybox is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of medium. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"busybox", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1902", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1902" + }, + { + "summary":"CVE-2023-42363", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-42363&packageName=busybox" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42363" + }, + { + "summary":"openEuler-SA-2024-1902 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1902.json" + } + ], + "title":"An update for busybox is now available for openEuler-24.03-LTS", + "tracking":{ + "initial_release_date":"2024-07-26T20:58:53+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:58:53+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:58:53+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-26T20:58:53+08:00", + "id":"openEuler-SA-2024-1902", + "version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openEuler-24.03-LTS", + "name":"openEuler-24.03-LTS" + }, + "name":"openEuler-24.03-LTS", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"busybox-1.36.1-6.oe2403.x86_64.rpm", + "name":"busybox-1.36.1-6.oe2403.x86_64.rpm" + }, + "name":"busybox-1.36.1-6.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"busybox-debuginfo-1.36.1-6.oe2403.x86_64.rpm", + "name":"busybox-debuginfo-1.36.1-6.oe2403.x86_64.rpm" + }, + "name":"busybox-debuginfo-1.36.1-6.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"busybox-debugsource-1.36.1-6.oe2403.x86_64.rpm", + "name":"busybox-debugsource-1.36.1-6.oe2403.x86_64.rpm" + }, + "name":"busybox-debugsource-1.36.1-6.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"busybox-help-1.36.1-6.oe2403.x86_64.rpm", + "name":"busybox-help-1.36.1-6.oe2403.x86_64.rpm" + }, + "name":"busybox-help-1.36.1-6.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"busybox-petitboot-1.36.1-6.oe2403.x86_64.rpm", + "name":"busybox-petitboot-1.36.1-6.oe2403.x86_64.rpm" + }, + "name":"busybox-petitboot-1.36.1-6.oe2403.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"busybox-1.36.1-6.oe2403.aarch64.rpm", + "name":"busybox-1.36.1-6.oe2403.aarch64.rpm" + }, + "name":"busybox-1.36.1-6.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"busybox-debuginfo-1.36.1-6.oe2403.aarch64.rpm", + "name":"busybox-debuginfo-1.36.1-6.oe2403.aarch64.rpm" + }, + "name":"busybox-debuginfo-1.36.1-6.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"busybox-debugsource-1.36.1-6.oe2403.aarch64.rpm", + "name":"busybox-debugsource-1.36.1-6.oe2403.aarch64.rpm" + }, + "name":"busybox-debugsource-1.36.1-6.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"busybox-help-1.36.1-6.oe2403.aarch64.rpm", + "name":"busybox-help-1.36.1-6.oe2403.aarch64.rpm" + }, + "name":"busybox-help-1.36.1-6.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"busybox-petitboot-1.36.1-6.oe2403.aarch64.rpm", + "name":"busybox-petitboot-1.36.1-6.oe2403.aarch64.rpm" + }, + "name":"busybox-petitboot-1.36.1-6.oe2403.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"busybox-1.36.1-6.oe2403.src.rpm", + "name":"busybox-1.36.1-6.oe2403.src.rpm" + }, + "name":"busybox-1.36.1-6.oe2403.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + 
"relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"busybox-1.36.1-6.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:busybox-1.36.1-6.oe2403.x86_64", + "name":"busybox-1.36.1-6.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"busybox-debuginfo-1.36.1-6.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:busybox-debuginfo-1.36.1-6.oe2403.x86_64", + "name":"busybox-debuginfo-1.36.1-6.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"busybox-debugsource-1.36.1-6.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:busybox-debugsource-1.36.1-6.oe2403.x86_64", + "name":"busybox-debugsource-1.36.1-6.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"busybox-help-1.36.1-6.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:busybox-help-1.36.1-6.oe2403.x86_64", + "name":"busybox-help-1.36.1-6.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"busybox-petitboot-1.36.1-6.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:busybox-petitboot-1.36.1-6.oe2403.x86_64", + "name":"busybox-petitboot-1.36.1-6.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"busybox-1.36.1-6.oe2403.aarch64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-24.03-LTS:busybox-1.36.1-6.oe2403.aarch64", + "name":"busybox-1.36.1-6.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"busybox-debuginfo-1.36.1-6.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:busybox-debuginfo-1.36.1-6.oe2403.aarch64", + "name":"busybox-debuginfo-1.36.1-6.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"busybox-debugsource-1.36.1-6.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:busybox-debugsource-1.36.1-6.oe2403.aarch64", + "name":"busybox-debugsource-1.36.1-6.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"busybox-help-1.36.1-6.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:busybox-help-1.36.1-6.oe2403.aarch64", + "name":"busybox-help-1.36.1-6.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"busybox-petitboot-1.36.1-6.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:busybox-petitboot-1.36.1-6.oe2403.aarch64", + "name":"busybox-petitboot-1.36.1-6.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"busybox-1.36.1-6.oe2403.src.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:busybox-1.36.1-6.oe2403.src", + "name":"busybox-1.36.1-6.oe2403.src as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" 
+ } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2023-42363", + "notes":[ + { + "text":"A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:busybox-1.36.1-6.oe2403.x86_64", + "openEuler-24.03-LTS:busybox-debuginfo-1.36.1-6.oe2403.x86_64", + "openEuler-24.03-LTS:busybox-debugsource-1.36.1-6.oe2403.x86_64", + "openEuler-24.03-LTS:busybox-help-1.36.1-6.oe2403.x86_64", + "openEuler-24.03-LTS:busybox-petitboot-1.36.1-6.oe2403.x86_64", + "openEuler-24.03-LTS:busybox-1.36.1-6.oe2403.aarch64", + "openEuler-24.03-LTS:busybox-debuginfo-1.36.1-6.oe2403.aarch64", + "openEuler-24.03-LTS:busybox-debugsource-1.36.1-6.oe2403.aarch64", + "openEuler-24.03-LTS:busybox-help-1.36.1-6.oe2403.aarch64", + "openEuler-24.03-LTS:busybox-petitboot-1.36.1-6.oe2403.aarch64", + "openEuler-24.03-LTS:busybox-1.36.1-6.oe2403.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:busybox-1.36.1-6.oe2403.x86_64", + "openEuler-24.03-LTS:busybox-debuginfo-1.36.1-6.oe2403.x86_64", + "openEuler-24.03-LTS:busybox-debugsource-1.36.1-6.oe2403.x86_64", + "openEuler-24.03-LTS:busybox-help-1.36.1-6.oe2403.x86_64", + "openEuler-24.03-LTS:busybox-petitboot-1.36.1-6.oe2403.x86_64", + "openEuler-24.03-LTS:busybox-1.36.1-6.oe2403.aarch64", + "openEuler-24.03-LTS:busybox-debuginfo-1.36.1-6.oe2403.aarch64", + "openEuler-24.03-LTS:busybox-debugsource-1.36.1-6.oe2403.aarch64", + "openEuler-24.03-LTS:busybox-help-1.36.1-6.oe2403.aarch64", + "openEuler-24.03-LTS:busybox-petitboot-1.36.1-6.oe2403.aarch64", + "openEuler-24.03-LTS:busybox-1.36.1-6.oe2403.src" + ], + "details":"busybox security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1902" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + 
"baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:busybox-1.36.1-6.oe2403.x86_64", + "openEuler-24.03-LTS:busybox-debuginfo-1.36.1-6.oe2403.x86_64", + "openEuler-24.03-LTS:busybox-debugsource-1.36.1-6.oe2403.x86_64", + "openEuler-24.03-LTS:busybox-help-1.36.1-6.oe2403.x86_64", + "openEuler-24.03-LTS:busybox-petitboot-1.36.1-6.oe2403.x86_64", + "openEuler-24.03-LTS:busybox-1.36.1-6.oe2403.aarch64", + "openEuler-24.03-LTS:busybox-debuginfo-1.36.1-6.oe2403.aarch64", + "openEuler-24.03-LTS:busybox-debugsource-1.36.1-6.oe2403.aarch64", + "openEuler-24.03-LTS:busybox-help-1.36.1-6.oe2403.aarch64", + "openEuler-24.03-LTS:busybox-petitboot-1.36.1-6.oe2403.aarch64", + "openEuler-24.03-LTS:busybox-1.36.1-6.oe2403.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2023-42363" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1903.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1903.json new file mode 100644 index 0000000..cfae7ed --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1903.json 
@@ -0,0 +1,397 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"dnsmasq security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for dnsmasq is now available for openEuler-22.03-LTS-SP3", + "category":"general", + "title":"Summary" + }, + { + "text":"Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource constrained routers and firewalls. It has also been widely used for tethering on smartphones and portable hotspots, and to support virtual networking in virtualisation frameworks.\n\nSecurity Fix(es):\n\ndnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.(CVE-2023-49441)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for dnsmasq is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of medium. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"dnsmasq", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1903", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1903" + }, + { + "summary":"CVE-2023-49441", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-49441&packageName=dnsmasq" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49441" + }, + { + "summary":"openEuler-SA-2024-1903 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1903.json" + } + ], + "title":"An update for dnsmasq is now available for openEuler-22.03-LTS-SP3", + "tracking":{ + "initial_release_date":"2024-07-26T20:58:55+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:58:55+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:58:55+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-26T20:58:55+08:00", + "id":"openEuler-SA-2024-1903", + "version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openEuler-22.03-LTS-SP3", + "name":"openEuler-22.03-LTS-SP3" + }, + "name":"openEuler-22.03-LTS-SP3", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"dnsmasq-2.86-8.oe2203sp3.aarch64.rpm", + "name":"dnsmasq-2.86-8.oe2203sp3.aarch64.rpm" + }, + "name":"dnsmasq-2.86-8.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"dnsmasq-debuginfo-2.86-8.oe2203sp3.aarch64.rpm", + "name":"dnsmasq-debuginfo-2.86-8.oe2203sp3.aarch64.rpm" + }, + "name":"dnsmasq-debuginfo-2.86-8.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"dnsmasq-debugsource-2.86-8.oe2203sp3.aarch64.rpm", + "name":"dnsmasq-debugsource-2.86-8.oe2203sp3.aarch64.rpm" + }, + "name":"dnsmasq-debugsource-2.86-8.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"dnsmasq-help-2.86-8.oe2203sp3.aarch64.rpm", + "name":"dnsmasq-help-2.86-8.oe2203sp3.aarch64.rpm" + }, + "name":"dnsmasq-help-2.86-8.oe2203sp3.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"dnsmasq-2.86-8.oe2203sp3.src.rpm", + "name":"dnsmasq-2.86-8.oe2203sp3.src.rpm" + }, + "name":"dnsmasq-2.86-8.oe2203sp3.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", 
+ "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"dnsmasq-2.86-8.oe2203sp3.x86_64.rpm", + "name":"dnsmasq-2.86-8.oe2203sp3.x86_64.rpm" + }, + "name":"dnsmasq-2.86-8.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"dnsmasq-debuginfo-2.86-8.oe2203sp3.x86_64.rpm", + "name":"dnsmasq-debuginfo-2.86-8.oe2203sp3.x86_64.rpm" + }, + "name":"dnsmasq-debuginfo-2.86-8.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"dnsmasq-debugsource-2.86-8.oe2203sp3.x86_64.rpm", + "name":"dnsmasq-debugsource-2.86-8.oe2203sp3.x86_64.rpm" + }, + "name":"dnsmasq-debugsource-2.86-8.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"dnsmasq-help-2.86-8.oe2203sp3.x86_64.rpm", + "name":"dnsmasq-help-2.86-8.oe2203sp3.x86_64.rpm" + }, + "name":"dnsmasq-help-2.86-8.oe2203sp3.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"dnsmasq-2.86-8.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:dnsmasq-2.86-8.oe2203sp3.aarch64", + "name":"dnsmasq-2.86-8.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"dnsmasq-debuginfo-2.86-8.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:dnsmasq-debuginfo-2.86-8.oe2203sp3.aarch64", + 
"name":"dnsmasq-debuginfo-2.86-8.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"dnsmasq-debugsource-2.86-8.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:dnsmasq-debugsource-2.86-8.oe2203sp3.aarch64", + "name":"dnsmasq-debugsource-2.86-8.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"dnsmasq-help-2.86-8.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:dnsmasq-help-2.86-8.oe2203sp3.aarch64", + "name":"dnsmasq-help-2.86-8.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"dnsmasq-2.86-8.oe2203sp3.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:dnsmasq-2.86-8.oe2203sp3.src", + "name":"dnsmasq-2.86-8.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"dnsmasq-2.86-8.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:dnsmasq-2.86-8.oe2203sp3.x86_64", + "name":"dnsmasq-2.86-8.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"dnsmasq-debuginfo-2.86-8.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:dnsmasq-debuginfo-2.86-8.oe2203sp3.x86_64", + "name":"dnsmasq-debuginfo-2.86-8.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"dnsmasq-debugsource-2.86-8.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:dnsmasq-debugsource-2.86-8.oe2203sp3.x86_64", + "name":"dnsmasq-debugsource-2.86-8.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"dnsmasq-help-2.86-8.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:dnsmasq-help-2.86-8.oe2203sp3.x86_64", + "name":"dnsmasq-help-2.86-8.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2023-49441", + "notes":[ + { + "text":"dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:dnsmasq-2.86-8.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:dnsmasq-debuginfo-2.86-8.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:dnsmasq-debugsource-2.86-8.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:dnsmasq-help-2.86-8.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:dnsmasq-2.86-8.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:dnsmasq-2.86-8.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:dnsmasq-debuginfo-2.86-8.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:dnsmasq-debugsource-2.86-8.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:dnsmasq-help-2.86-8.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:dnsmasq-2.86-8.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:dnsmasq-debuginfo-2.86-8.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:dnsmasq-debugsource-2.86-8.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:dnsmasq-help-2.86-8.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:dnsmasq-2.86-8.oe2203sp3.src", 
+ "openEuler-22.03-LTS-SP3:dnsmasq-2.86-8.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:dnsmasq-debuginfo-2.86-8.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:dnsmasq-debugsource-2.86-8.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:dnsmasq-help-2.86-8.oe2203sp3.x86_64" + ], + "details":"dnsmasq security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1903" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.5, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:dnsmasq-2.86-8.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:dnsmasq-debuginfo-2.86-8.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:dnsmasq-debugsource-2.86-8.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:dnsmasq-help-2.86-8.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:dnsmasq-2.86-8.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:dnsmasq-2.86-8.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:dnsmasq-debuginfo-2.86-8.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:dnsmasq-debugsource-2.86-8.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:dnsmasq-help-2.86-8.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2023-49441" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1904.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1904.json new file mode 100644 index 0000000..2b1c12a --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1904.json 
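Review bot: The TLP link in `document.distribution.tlp` is written `https:/www.first.org/tlp/`, with a single slash after the scheme, so a consumer that follows or validates it does not get a usable absolute URL; it should read `"url":"https://www.first.org/tlp/"`. The same value appears in the csaf-openEuler-SA-2024-1904.json and csaf-openEuler-SA-2024-1905.json hunks, which suggests the fix belongs in the generator template rather than in each file. In `document.references` the CVE detail page is tagged `"category":"self"`; CSAF uses `self` for links to the advisory document itself, so `"category":"external"` looks like the intended value for that entry.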
@@ -0,0 +1,397 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"dnsmasq security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for dnsmasq is now available for openEuler-20.03-LTS-SP4", + "category":"general", + "title":"Summary" + }, + { + "text":"Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource constrained routers and firewalls. It has also been widely used for tethering on smartphones and portable hotspots, and to support virtual networking in virtualisation frameworks.\n\nSecurity Fix(es):\n\ndnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.(CVE-2023-49441)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for dnsmasq is now available for openEuler-20.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of medium. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"dnsmasq", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1904", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1904" + }, + { + "summary":"CVE-2023-49441", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-49441&packageName=dnsmasq" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49441" + }, + { + "summary":"openEuler-SA-2024-1904 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1904.json" + } + ], + "title":"An update for dnsmasq is now available for openEuler-20.03-LTS-SP4", + "tracking":{ + "initial_release_date":"2024-07-26T20:58:56+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:58:56+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:58:56+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-26T20:58:56+08:00", + "id":"openEuler-SA-2024-1904", + "version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"openEuler-20.03-LTS-SP4", + "name":"openEuler-20.03-LTS-SP4" + }, + "name":"openEuler-20.03-LTS-SP4", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"dnsmasq-2.82-15.oe2003sp4.aarch64.rpm", + "name":"dnsmasq-2.82-15.oe2003sp4.aarch64.rpm" + }, + "name":"dnsmasq-2.82-15.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"dnsmasq-debuginfo-2.82-15.oe2003sp4.aarch64.rpm", + "name":"dnsmasq-debuginfo-2.82-15.oe2003sp4.aarch64.rpm" + }, + "name":"dnsmasq-debuginfo-2.82-15.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"dnsmasq-debugsource-2.82-15.oe2003sp4.aarch64.rpm", + "name":"dnsmasq-debugsource-2.82-15.oe2003sp4.aarch64.rpm" + }, + "name":"dnsmasq-debugsource-2.82-15.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"dnsmasq-help-2.82-15.oe2003sp4.aarch64.rpm", + "name":"dnsmasq-help-2.82-15.oe2003sp4.aarch64.rpm" + }, + "name":"dnsmasq-help-2.82-15.oe2003sp4.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"dnsmasq-2.82-15.oe2003sp4.src.rpm", + "name":"dnsmasq-2.82-15.oe2003sp4.src.rpm" + }, + "name":"dnsmasq-2.82-15.oe2003sp4.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + 
"name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"dnsmasq-2.82-15.oe2003sp4.x86_64.rpm", + "name":"dnsmasq-2.82-15.oe2003sp4.x86_64.rpm" + }, + "name":"dnsmasq-2.82-15.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"dnsmasq-debuginfo-2.82-15.oe2003sp4.x86_64.rpm", + "name":"dnsmasq-debuginfo-2.82-15.oe2003sp4.x86_64.rpm" + }, + "name":"dnsmasq-debuginfo-2.82-15.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"dnsmasq-debugsource-2.82-15.oe2003sp4.x86_64.rpm", + "name":"dnsmasq-debugsource-2.82-15.oe2003sp4.x86_64.rpm" + }, + "name":"dnsmasq-debugsource-2.82-15.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"dnsmasq-help-2.82-15.oe2003sp4.x86_64.rpm", + "name":"dnsmasq-help-2.82-15.oe2003sp4.x86_64.rpm" + }, + "name":"dnsmasq-help-2.82-15.oe2003sp4.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"dnsmasq-2.82-15.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:dnsmasq-2.82-15.oe2003sp4.aarch64", + "name":"dnsmasq-2.82-15.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"dnsmasq-debuginfo-2.82-15.oe2003sp4.aarch64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-20.03-LTS-SP4:dnsmasq-debuginfo-2.82-15.oe2003sp4.aarch64", + "name":"dnsmasq-debuginfo-2.82-15.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"dnsmasq-debugsource-2.82-15.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:dnsmasq-debugsource-2.82-15.oe2003sp4.aarch64", + "name":"dnsmasq-debugsource-2.82-15.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"dnsmasq-help-2.82-15.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:dnsmasq-help-2.82-15.oe2003sp4.aarch64", + "name":"dnsmasq-help-2.82-15.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"dnsmasq-2.82-15.oe2003sp4.src.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:dnsmasq-2.82-15.oe2003sp4.src", + "name":"dnsmasq-2.82-15.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"dnsmasq-2.82-15.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:dnsmasq-2.82-15.oe2003sp4.x86_64", + "name":"dnsmasq-2.82-15.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"dnsmasq-debuginfo-2.82-15.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:dnsmasq-debuginfo-2.82-15.oe2003sp4.x86_64", + 
"name":"dnsmasq-debuginfo-2.82-15.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"dnsmasq-debugsource-2.82-15.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:dnsmasq-debugsource-2.82-15.oe2003sp4.x86_64", + "name":"dnsmasq-debugsource-2.82-15.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"dnsmasq-help-2.82-15.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:dnsmasq-help-2.82-15.oe2003sp4.x86_64", + "name":"dnsmasq-help-2.82-15.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2023-49441", + "notes":[ + { + "text":"dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:dnsmasq-2.82-15.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:dnsmasq-debuginfo-2.82-15.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:dnsmasq-debugsource-2.82-15.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:dnsmasq-help-2.82-15.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:dnsmasq-2.82-15.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:dnsmasq-2.82-15.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:dnsmasq-debuginfo-2.82-15.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:dnsmasq-debugsource-2.82-15.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:dnsmasq-help-2.82-15.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:dnsmasq-2.82-15.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:dnsmasq-debuginfo-2.82-15.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:dnsmasq-debugsource-2.82-15.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:dnsmasq-help-2.82-15.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:dnsmasq-2.82-15.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:dnsmasq-2.82-15.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:dnsmasq-debuginfo-2.82-15.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:dnsmasq-debugsource-2.82-15.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:dnsmasq-help-2.82-15.oe2003sp4.x86_64" + ], + "details":"dnsmasq security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1904" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.5, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:dnsmasq-2.82-15.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:dnsmasq-debuginfo-2.82-15.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:dnsmasq-debugsource-2.82-15.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:dnsmasq-help-2.82-15.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:dnsmasq-2.82-15.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:dnsmasq-2.82-15.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:dnsmasq-debuginfo-2.82-15.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:dnsmasq-debugsource-2.82-15.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:dnsmasq-help-2.82-15.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2023-49441" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1905.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1905.json new file mode 100644 index 0000000..1d82925 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1905.json 
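Review bot: Every package entry under `product_tree.branches` carries the distribution's CPE (`cpe:/a:openEuler:openEuler:20.03-LTS-SP4`) in its `product_identification_helper`, so a scanner matching on CPE cannot tell the dnsmasq packages apart from the OS release or from any other package in it. The helper should identify the package itself, for example through a `purl` entry, or be kept only on the `openEuler-20.03-LTS-SP4` product and left off the package branches. The `aarch64`, `src` and `x86_64` branches are tagged `"category":"product_name"`, where CSAF has a dedicated `"category":"architecture"` value. Separately, the `cvss_v3` vector counts confidentiality impact only (`C:H/I:N/A:N`) for a flaw described as an integer overflow; since VEX consumers prioritise on this score, it is worth confirming against the NVD record the advisory links to. The 1903 and 1905 hunks have the same shape.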
@@ -0,0 +1,397 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"dnsmasq security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for dnsmasq is now available for openEuler-22.03-LTS-SP1", + "category":"general", + "title":"Summary" + }, + { + "text":"Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource constrained routers and firewalls. It has also been widely used for tethering on smartphones and portable hotspots, and to support virtual networking in virtualisation frameworks.\n\nSecurity Fix(es):\n\ndnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.(CVE-2023-49441)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for dnsmasq is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of medium. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"dnsmasq", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1905", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1905" + }, + { + "summary":"CVE-2023-49441", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-49441&packageName=dnsmasq" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49441" + }, + { + "summary":"openEuler-SA-2024-1905 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1905.json" + } + ], + "title":"An update for dnsmasq is now available for openEuler-22.03-LTS-SP1", + "tracking":{ + "initial_release_date":"2024-07-26T20:58:57+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:58:57+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:58:57+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-26T20:58:57+08:00", + "id":"openEuler-SA-2024-1905", + "version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"openEuler-22.03-LTS-SP1", + "name":"openEuler-22.03-LTS-SP1" + }, + "name":"openEuler-22.03-LTS-SP1", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"dnsmasq-2.86-8.oe2203sp1.aarch64.rpm", + "name":"dnsmasq-2.86-8.oe2203sp1.aarch64.rpm" + }, + "name":"dnsmasq-2.86-8.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"dnsmasq-debuginfo-2.86-8.oe2203sp1.aarch64.rpm", + "name":"dnsmasq-debuginfo-2.86-8.oe2203sp1.aarch64.rpm" + }, + "name":"dnsmasq-debuginfo-2.86-8.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"dnsmasq-debugsource-2.86-8.oe2203sp1.aarch64.rpm", + "name":"dnsmasq-debugsource-2.86-8.oe2203sp1.aarch64.rpm" + }, + "name":"dnsmasq-debugsource-2.86-8.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"dnsmasq-help-2.86-8.oe2203sp1.aarch64.rpm", + "name":"dnsmasq-help-2.86-8.oe2203sp1.aarch64.rpm" + }, + "name":"dnsmasq-help-2.86-8.oe2203sp1.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"dnsmasq-2.86-8.oe2203sp1.src.rpm", + "name":"dnsmasq-2.86-8.oe2203sp1.src.rpm" + }, + "name":"dnsmasq-2.86-8.oe2203sp1.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", 
+ "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"dnsmasq-2.86-8.oe2203sp1.x86_64.rpm", + "name":"dnsmasq-2.86-8.oe2203sp1.x86_64.rpm" + }, + "name":"dnsmasq-2.86-8.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"dnsmasq-debuginfo-2.86-8.oe2203sp1.x86_64.rpm", + "name":"dnsmasq-debuginfo-2.86-8.oe2203sp1.x86_64.rpm" + }, + "name":"dnsmasq-debuginfo-2.86-8.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"dnsmasq-debugsource-2.86-8.oe2203sp1.x86_64.rpm", + "name":"dnsmasq-debugsource-2.86-8.oe2203sp1.x86_64.rpm" + }, + "name":"dnsmasq-debugsource-2.86-8.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"dnsmasq-help-2.86-8.oe2203sp1.x86_64.rpm", + "name":"dnsmasq-help-2.86-8.oe2203sp1.x86_64.rpm" + }, + "name":"dnsmasq-help-2.86-8.oe2203sp1.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"dnsmasq-2.86-8.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:dnsmasq-2.86-8.oe2203sp1.aarch64", + "name":"dnsmasq-2.86-8.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"dnsmasq-debuginfo-2.86-8.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:dnsmasq-debuginfo-2.86-8.oe2203sp1.aarch64", + 
"name":"dnsmasq-debuginfo-2.86-8.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"dnsmasq-debugsource-2.86-8.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:dnsmasq-debugsource-2.86-8.oe2203sp1.aarch64", + "name":"dnsmasq-debugsource-2.86-8.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"dnsmasq-help-2.86-8.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:dnsmasq-help-2.86-8.oe2203sp1.aarch64", + "name":"dnsmasq-help-2.86-8.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"dnsmasq-2.86-8.oe2203sp1.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:dnsmasq-2.86-8.oe2203sp1.src", + "name":"dnsmasq-2.86-8.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"dnsmasq-2.86-8.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:dnsmasq-2.86-8.oe2203sp1.x86_64", + "name":"dnsmasq-2.86-8.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"dnsmasq-debuginfo-2.86-8.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:dnsmasq-debuginfo-2.86-8.oe2203sp1.x86_64", + "name":"dnsmasq-debuginfo-2.86-8.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"dnsmasq-debugsource-2.86-8.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:dnsmasq-debugsource-2.86-8.oe2203sp1.x86_64", + "name":"dnsmasq-debugsource-2.86-8.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"dnsmasq-help-2.86-8.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:dnsmasq-help-2.86-8.oe2203sp1.x86_64", + "name":"dnsmasq-help-2.86-8.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2023-49441", + "notes":[ + { + "text":"dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:dnsmasq-2.86-8.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:dnsmasq-debuginfo-2.86-8.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:dnsmasq-debugsource-2.86-8.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:dnsmasq-help-2.86-8.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:dnsmasq-2.86-8.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:dnsmasq-2.86-8.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:dnsmasq-debuginfo-2.86-8.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:dnsmasq-debugsource-2.86-8.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:dnsmasq-help-2.86-8.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:dnsmasq-2.86-8.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:dnsmasq-debuginfo-2.86-8.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:dnsmasq-debugsource-2.86-8.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:dnsmasq-help-2.86-8.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:dnsmasq-2.86-8.oe2203sp1.src", 
+ "openEuler-22.03-LTS-SP1:dnsmasq-2.86-8.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:dnsmasq-debuginfo-2.86-8.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:dnsmasq-debugsource-2.86-8.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:dnsmasq-help-2.86-8.oe2203sp1.x86_64" + ], + "details":"dnsmasq security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1905" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.5, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:dnsmasq-2.86-8.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:dnsmasq-debuginfo-2.86-8.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:dnsmasq-debugsource-2.86-8.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:dnsmasq-help-2.86-8.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:dnsmasq-2.86-8.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:dnsmasq-2.86-8.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:dnsmasq-debuginfo-2.86-8.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:dnsmasq-debugsource-2.86-8.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:dnsmasq-help-2.86-8.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2023-49441" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1906.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1906.json new file mode 100644 index 0000000..c167d53 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1906.json 
@@ -0,0 +1,1704 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"openjdk-11 security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for openjdk-11 is now available for openEuler-20.03-LTS-SP4", + "category":"general", + "title":"Summary" + }, + { + "text":"The OpenJDK runtime environment.\n\nSecurity Fix(es):\n\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2024-21131)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2024-21138)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).(CVE-2024-21140)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2024-21144)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).(CVE-2024-21145)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).(CVE-2024-21147)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for openjdk-11 is now available for openEuler-20.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"openjdk-11", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1906", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1906" + }, + { + "summary":"CVE-2024-21131", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21131&packageName=openjdk-11" + }, + { + "summary":"CVE-2024-21138", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21138&packageName=openjdk-11" + }, + { + "summary":"CVE-2024-21140", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21140&packageName=openjdk-11" + }, + { + "summary":"CVE-2024-21144", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21144&packageName=openjdk-11" + }, + { + "summary":"CVE-2024-21145", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21145&packageName=openjdk-11" + }, + { + "summary":"CVE-2024-21147", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21147&packageName=openjdk-11" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21131" + }, + { + "summary":"nvd cve", + "category":"external", + 
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21138" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21140" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21144" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21145" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21147" + }, + { + "summary":"openEuler-SA-2024-1906 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1906.json" + } + ], + "title":"An update for openjdk-11 is now available for openEuler-20.03-LTS-SP4", + "tracking":{ + "initial_release_date":"2024-07-26T20:58:59+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:58:59+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:58:59+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-26T20:58:59+08:00", + "id":"openEuler-SA-2024-1906", + "version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"openEuler-20.03-LTS-SP4", + "name":"openEuler-20.03-LTS-SP4" + }, + "name":"openEuler-20.03-LTS-SP4", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "name":"java-11-openjdk-11.0.24.8-0.oe2003sp4.x86_64.rpm" + }, + 
"name":"java-11-openjdk-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "name":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "name":"java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "name":"java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "name":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "name":"java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "name":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "name":"java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "name":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "name":"java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "name":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + 
"product_id":"java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "name":"java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "name":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "name":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-src-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "name":"java-11-openjdk-src-11.0.24.8-0.oe2003sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-src-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "name":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-11.0.24.8-0.oe2003sp4.aarch64.rpm", + 
"name":"java-11-openjdk-11.0.24.8-0.oe2003sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "name":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "name":"java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "name":"java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "name":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "name":"java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.aarch64.rpm", + 
"category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "name":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "name":"java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "name":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "name":"java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "name":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "name":"java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "name":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "name":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-src-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "name":"java-11-openjdk-src-11.0.24.8-0.oe2003sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-src-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "name":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + 
"product_id":"java-11-openjdk-11.0.24.8-0.oe2003sp4.src.rpm", + "name":"java-11-openjdk-11.0.24.8-0.oe2003sp4.src.rpm" + }, + "name":"java-11-openjdk-11.0.24.8-0.oe2003sp4.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.x86_64", + "name":"java-11-openjdk-11.0.24.8-0.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.x86_64", + "name":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.x86_64", + "name":"java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.x86_64", + "name":"java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "name":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.x86_64", + "name":"java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "name":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.x86_64", + "name":"java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + 
"name":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.x86_64", + "name":"java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.x86_64", + "name":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.x86_64", + "name":"java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "name":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + 
"product_reference":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "name":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-src-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.x86_64", + "name":"java-11-openjdk-src-11.0.24.8-0.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "name":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.aarch64", + "name":"java-11-openjdk-11.0.24.8-0.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.aarch64", + "name":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + 
"category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.aarch64", + "name":"java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.aarch64", + "name":"java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "name":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.aarch64", + "name":"java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "name":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.aarch64", + "name":"java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "name":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.aarch64", + "name":"java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.aarch64", + "name":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.aarch64", + "name":"java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "name":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "name":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-src-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.aarch64", + "name":"java-11-openjdk-src-11.0.24.8-0.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + 
"name":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"java-11-openjdk-11.0.24.8-0.oe2003sp4.src.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.src", + "name":"java-11-openjdk-11.0.24.8-0.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-21131", + "notes":[ + { + "text":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.src" + ], + "details":"openjdk-11 security update", + "category":"vendor_fix", + 
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1906" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.7, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.src" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-21131" + }, + { + "cve":"CVE-2024-21138", + "notes":[ + { + "text":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.src" + ], + "details":"openjdk-11 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1906" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.7, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.src" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-21138" + }, + { + "cve":"CVE-2024-21140", + "notes":[ + { + "text":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.src" + ], + "details":"openjdk-11 security update", + "category":"vendor_fix", + 
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1906" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.8, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21140" + }, + { + "cve":"CVE-2024-21144", + "notes":[ + { + "text":"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.src" + ], + "details":"openjdk-11 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1906" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.7, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.src" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-21144" + }, + { + "cve":"CVE-2024-21145", + "notes":[ + { + "text":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). 
Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.src" + ], + "details":"openjdk-11 security update", + "category":"vendor_fix", + 
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1906" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.8, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21145" + }, + { + "cve":"CVE-2024-21147", + "notes":[ + { + "text":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.src" + ], + "details":"openjdk-11 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1906" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.4, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2003sp4.src" + ] + } + ], + "threats":[ + { + "details":"High", + 
"category":"impact" + } + ], + "title":"CVE-2024-21147" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1907.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1907.json new file mode 100644 index 0000000..470ee37 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1907.json 
@@ -0,0 +1,1704 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"openjdk-11 security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for openjdk-11 is now available for openEuler-22.03-LTS-SP1", + "category":"general", + "title":"Summary" + }, + { + "text":"The OpenJDK runtime environment.\n\nSecurity Fix(es):\n\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2024-21131)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2024-21138)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).(CVE-2024-21140)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2024-21144)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).(CVE-2024-21145)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).(CVE-2024-21147)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for openjdk-11 is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"openjdk-11", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1907", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1907" + }, + { + "summary":"CVE-2024-21131", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21131&packageName=openjdk-11" + }, + { + "summary":"CVE-2024-21138", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21138&packageName=openjdk-11" + }, + { + "summary":"CVE-2024-21140", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21140&packageName=openjdk-11" + }, + { + "summary":"CVE-2024-21144", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21144&packageName=openjdk-11" + }, + { + "summary":"CVE-2024-21145", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21145&packageName=openjdk-11" + }, + { + "summary":"CVE-2024-21147", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21147&packageName=openjdk-11" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21131" + }, + { + "summary":"nvd cve", + "category":"external", + 
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21138" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21140" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21144" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21145" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21147" + }, + { + "summary":"openEuler-SA-2024-1907 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1907.json" + } + ], + "title":"An update for openjdk-11 is now available for openEuler-22.03-LTS-SP1", + "tracking":{ + "initial_release_date":"2024-07-26T20:59:00+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:59:00+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:59:00+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-26T20:59:00+08:00", + "id":"openEuler-SA-2024-1907", + "version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"openEuler-22.03-LTS-SP1", + "name":"openEuler-22.03-LTS-SP1" + }, + "name":"openEuler-22.03-LTS-SP1", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-11.0.24.8-0.oe2203sp1.src.rpm", + "name":"java-11-openjdk-11.0.24.8-0.oe2203sp1.src.rpm" + }, + "name":"java-11-openjdk-11.0.24.8-0.oe2203sp1.src.rpm", + 
"category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "name":"java-11-openjdk-11.0.24.8-0.oe2203sp1.x86_64.rpm" + }, + "name":"java-11-openjdk-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "name":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.x86_64.rpm" + }, + "name":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "name":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.x86_64.rpm" + }, + "name":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "name":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.x86_64.rpm" + }, + "name":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "name":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm" + }, + "name":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "name":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.x86_64.rpm" + }, + "name":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "name":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm" + }, + "name":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "name":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.x86_64.rpm" + }, + "name":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "name":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm" + }, + "name":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "name":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.x86_64.rpm" + }, + "name":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + 
"product_id":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "name":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.x86_64.rpm" + }, + "name":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "name":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.x86_64.rpm" + }, + "name":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "name":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm" + }, + "name":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "name":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm" + }, + "name":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-src-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "name":"java-11-openjdk-src-11.0.24.8-0.oe2203sp1.x86_64.rpm" + }, + "name":"java-11-openjdk-src-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "name":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm" + }, + 
"name":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "name":"java-11-openjdk-11.0.24.8-0.oe2203sp1.aarch64.rpm" + }, + "name":"java-11-openjdk-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "name":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.aarch64.rpm" + }, + "name":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "name":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.aarch64.rpm" + }, + "name":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "name":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.aarch64.rpm" + }, + "name":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "name":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm" + }, + "name":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm", + 
"category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "name":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.aarch64.rpm" + }, + "name":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "name":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm" + }, + "name":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "name":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.aarch64.rpm" + }, + "name":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "name":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm" + }, + "name":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "name":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.aarch64.rpm" + }, + "name":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "name":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.aarch64.rpm" + }, + "name":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "name":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.aarch64.rpm" + }, + "name":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "name":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm" + }, + "name":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "name":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm" + }, + "name":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-src-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "name":"java-11-openjdk-src-11.0.24.8-0.oe2203sp1.aarch64.rpm" + }, + "name":"java-11-openjdk-src-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm", + 
"name":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm" + }, + "name":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-11.0.24.8-0.oe2203sp1.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.src", + "name":"java-11-openjdk-11.0.24.8-0.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.x86_64", + "name":"java-11-openjdk-11.0.24.8-0.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.x86_64", + "name":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.x86_64", + "name":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + 
"product_reference":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.x86_64", + "name":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "name":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.x86_64", + "name":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "name":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.x86_64", + "name":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.x86_64 as a component of 
openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "name":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.x86_64", + "name":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.x86_64", + "name":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.x86_64", + "name":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "name":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "name":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-src-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.x86_64", + "name":"java-11-openjdk-src-11.0.24.8-0.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "name":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.aarch64", + "name":"java-11-openjdk-11.0.24.8-0.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + 
"product_reference":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.aarch64", + "name":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.aarch64", + "name":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.aarch64", + "name":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "name":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.aarch64", + "name":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.aarch64 as a component of 
openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "name":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.aarch64", + "name":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "name":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.aarch64", + "name":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.aarch64", + "name":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.aarch64", + "name":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "name":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "name":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-src-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.aarch64", + "name":"java-11-openjdk-src-11.0.24.8-0.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "name":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-21131", + "notes":[ + { + "text":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.aarch64" + ], + "details":"openjdk-11 security update", + "category":"vendor_fix", + 
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1907" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.7, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.aarch64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-21131" + }, + { + "cve":"CVE-2024-21138", + "notes":[ + { + "text":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.aarch64" + ], + "details":"openjdk-11 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1907" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.7, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.aarch64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-21138" + }, + { + "cve":"CVE-2024-21140", + "notes":[ + { + "text":"Vulnerability in the Oracle Java SE, Oracle GraalVM 
for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.aarch64" + ], + "details":"openjdk-11 security update", + "category":"vendor_fix", + 
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1907" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.8, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21140" + }, + { + "cve":"CVE-2024-21144", + "notes":[ + { + "text":"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.aarch64" + ], + "details":"openjdk-11 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1907" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.7, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.aarch64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-21144" + }, + { + "cve":"CVE-2024-21145", + "notes":[ + { + "text":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). 
Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.aarch64" + ], + "details":"openjdk-11 security update", + "category":"vendor_fix", + 
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1907" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.8, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21145" + }, + { + "cve":"CVE-2024-21147", + "notes":[ + { + "text":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.src", + 
"openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.aarch64" + ], + "details":"openjdk-11 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1907" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.4, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-11.0.24.8-0.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.aarch64" + ] + } + ], + "threats":[ + { + "details":"High", + 
"category":"impact" + } + ], + "title":"CVE-2024-21147" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1908.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1908.json new file mode 100644 index 0000000..a65576b --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1908.json 
@@ -0,0 +1,1704 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"openjdk-11 security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for openjdk-11 is now available for openEuler-22.03-LTS-SP4", + "category":"general", + "title":"Summary" + }, + { + "text":"The OpenJDK runtime environment.\n\nSecurity Fix(es):\n\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2024-21131)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2024-21138)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).(CVE-2024-21140)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2024-21144)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).(CVE-2024-21145)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).(CVE-2024-21147)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for openjdk-11 is now available for openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"openjdk-11", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1908", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1908" + }, + { + "summary":"CVE-2024-21131", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21131&packageName=openjdk-11" + }, + { + "summary":"CVE-2024-21138", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21138&packageName=openjdk-11" + }, + { + "summary":"CVE-2024-21140", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21140&packageName=openjdk-11" + }, + { + "summary":"CVE-2024-21144", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21144&packageName=openjdk-11" + }, + { + "summary":"CVE-2024-21145", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21145&packageName=openjdk-11" + }, + { + "summary":"CVE-2024-21147", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21147&packageName=openjdk-11" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21131" + }, + { + "summary":"nvd cve", + "category":"external", + 
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21138" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21140" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21144" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21145" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21147" + }, + { + "summary":"openEuler-SA-2024-1908 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1908.json" + } + ], + "title":"An update for openjdk-11 is now available for openEuler-22.03-LTS-SP4", + "tracking":{ + "initial_release_date":"2024-07-26T20:59:02+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:59:02+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:59:02+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-26T20:59:02+08:00", + "id":"openEuler-SA-2024-1908", + "version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"openEuler-22.03-LTS-SP4", + "name":"openEuler-22.03-LTS-SP4" + }, + "name":"openEuler-22.03-LTS-SP4", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-11.0.24.8-0.oe2203sp4.src.rpm", + "name":"java-11-openjdk-11.0.24.8-0.oe2203sp4.src.rpm" + }, + "name":"java-11-openjdk-11.0.24.8-0.oe2203sp4.src.rpm", + 
"category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "name":"java-11-openjdk-11.0.24.8-0.oe2203sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "name":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "name":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "name":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "name":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "name":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "name":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "name":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "name":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "name":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + 
"product_id":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "name":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "name":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "name":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "name":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-src-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "name":"java-11-openjdk-src-11.0.24.8-0.oe2203sp4.x86_64.rpm" + }, + "name":"java-11-openjdk-src-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "name":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm" + }, + 
"name":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "name":"java-11-openjdk-11.0.24.8-0.oe2203sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "name":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "name":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "name":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "name":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm", + 
"category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "name":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "name":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "name":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "name":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "name":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "name":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "name":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "name":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "name":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-src-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "name":"java-11-openjdk-src-11.0.24.8-0.oe2203sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-src-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm", + 
"name":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm" + }, + "name":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-11.0.24.8-0.oe2203sp4.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.src", + "name":"java-11-openjdk-11.0.24.8-0.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.x86_64", + "name":"java-11-openjdk-11.0.24.8-0.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.x86_64", + "name":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.x86_64", + "name":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + 
"product_reference":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.x86_64", + "name":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "name":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.x86_64", + "name":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "name":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.x86_64", + "name":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.x86_64 as a component of 
openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "name":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.x86_64", + "name":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.x86_64", + "name":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.x86_64", + "name":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "name":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "name":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-src-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.x86_64", + "name":"java-11-openjdk-src-11.0.24.8-0.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "name":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.aarch64", + "name":"java-11-openjdk-11.0.24.8-0.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + 
"product_reference":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.aarch64", + "name":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.aarch64", + "name":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.aarch64", + "name":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "name":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.aarch64", + "name":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.aarch64 as a component of 
openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "name":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.aarch64", + "name":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "name":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.aarch64", + "name":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.aarch64", + "name":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.aarch64", + "name":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "name":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "name":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-src-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.aarch64", + "name":"java-11-openjdk-src-11.0.24.8-0.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "name":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-21131", + "notes":[ + { + "text":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.x86_64", + 
"openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.aarch64" + ], + "details":"openjdk-11 security update", + "category":"vendor_fix", + 
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1908" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.7, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.aarch64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-21131" + }, + { + "cve":"CVE-2024-21138", + "notes":[ + { + "text":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.x86_64", + 
"openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.x86_64", + 
"openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.aarch64" + ], + "details":"openjdk-11 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1908" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.7, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.x86_64", + 
"openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.aarch64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-21138" + }, + { + "cve":"CVE-2024-21140", + "notes":[ + { + "text":"Vulnerability in the Oracle Java SE, Oracle GraalVM 
for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.x86_64", + 
"openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.aarch64" + ], + "details":"openjdk-11 security update", + "category":"vendor_fix", + 
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1908" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.8, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21140" + }, + { + "cve":"CVE-2024-21144", + "notes":[ + { + "text":"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.x86_64", + 
"openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + 
"openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.aarch64" + ], + "details":"openjdk-11 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1908" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.7, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + 
"openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.aarch64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-21144" + }, + { + "cve":"CVE-2024-21145", + "notes":[ + { + "text":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). 
Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.x86_64", + 
"openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.aarch64" + ], + "details":"openjdk-11 security update", + "category":"vendor_fix", + 
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1908" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.8, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.aarch64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21145" + }, + { + "cve":"CVE-2024-21147", + "notes":[ + { + "text":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.x86_64", + 
"openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.aarch64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.src", + 
"openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.aarch64" + ], + "details":"openjdk-11 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1908" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.4, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + 
"openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-11.0.24.8-0.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.aarch64" + ] + } + ], + "threats":[ + { + "details":"High", + 
"category":"impact" + } + ], + "title":"CVE-2024-21147" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1909.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1909.json new file mode 100644 index 0000000..3b1f4bd --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1909.json 
@@ -0,0 +1,1704 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"openjdk-11 security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for openjdk-11 is now available for openEuler-22.03-LTS-SP3", + "category":"general", + "title":"Summary" + }, + { + "text":"The OpenJDK runtime environment.\n\nSecurity Fix(es):\n\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2024-21131)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2024-21138)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).(CVE-2024-21140)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2024-21144)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).(CVE-2024-21145)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).(CVE-2024-21147)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for openjdk-11 is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of high. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"openjdk-11", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1909", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1909" + }, + { + "summary":"CVE-2024-21131", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21131&packageName=openjdk-11" + }, + { + "summary":"CVE-2024-21138", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21138&packageName=openjdk-11" + }, + { + "summary":"CVE-2024-21140", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21140&packageName=openjdk-11" + }, + { + "summary":"CVE-2024-21144", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21144&packageName=openjdk-11" + }, + { + "summary":"CVE-2024-21145", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21145&packageName=openjdk-11" + }, + { + "summary":"CVE-2024-21147", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21147&packageName=openjdk-11" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21131" + }, + { + "summary":"nvd cve", + "category":"external", + 
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21138" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21140" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21144" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21145" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21147" + }, + { + "summary":"openEuler-SA-2024-1909 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1909.json" + } + ], + "title":"An update for openjdk-11 is now available for openEuler-22.03-LTS-SP3", + "tracking":{ + "initial_release_date":"2024-07-26T20:59:04+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:59:04+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:59:04+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-26T20:59:04+08:00", + "id":"openEuler-SA-2024-1909", + "version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openEuler-22.03-LTS-SP3", + "name":"openEuler-22.03-LTS-SP3" + }, + "name":"openEuler-22.03-LTS-SP3", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "name":"java-11-openjdk-11.0.24.8-0.oe2203sp3.aarch64.rpm" + }, + 
"name":"java-11-openjdk-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "name":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.aarch64.rpm" + }, + "name":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "name":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.aarch64.rpm" + }, + "name":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "name":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.aarch64.rpm" + }, + "name":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "name":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm" + }, + "name":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "name":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.aarch64.rpm" + }, + "name":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + 
"product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "name":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm" + }, + "name":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "name":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.aarch64.rpm" + }, + "name":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "name":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm" + }, + "name":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "name":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.aarch64.rpm" + }, + "name":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "name":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.aarch64.rpm" + }, + "name":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + 
"product_id":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "name":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.aarch64.rpm" + }, + "name":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "name":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm" + }, + "name":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "name":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm" + }, + "name":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-src-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "name":"java-11-openjdk-src-11.0.24.8-0.oe2203sp3.aarch64.rpm" + }, + "name":"java-11-openjdk-src-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "name":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm" + }, + "name":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-11.0.24.8-0.oe2203sp3.src.rpm", + 
"name":"java-11-openjdk-11.0.24.8-0.oe2203sp3.src.rpm" + }, + "name":"java-11-openjdk-11.0.24.8-0.oe2203sp3.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "name":"java-11-openjdk-11.0.24.8-0.oe2203sp3.x86_64.rpm" + }, + "name":"java-11-openjdk-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "name":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.x86_64.rpm" + }, + "name":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "name":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.x86_64.rpm" + }, + "name":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "name":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.x86_64.rpm" + }, + "name":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "name":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm" + }, + 
"name":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "name":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.x86_64.rpm" + }, + "name":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "name":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm" + }, + "name":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "name":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.x86_64.rpm" + }, + "name":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "name":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm" + }, + "name":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "name":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.x86_64.rpm" + }, + "name":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + 
"product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "name":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.x86_64.rpm" + }, + "name":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "name":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.x86_64.rpm" + }, + "name":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "name":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm" + }, + "name":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "name":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm" + }, + "name":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"java-11-openjdk-src-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "name":"java-11-openjdk-src-11.0.24.8-0.oe2203sp3.x86_64.rpm" + }, + "name":"java-11-openjdk-src-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + 
"product_id":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "name":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm" + }, + "name":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.aarch64", + "name":"java-11-openjdk-11.0.24.8-0.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.aarch64", + "name":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.aarch64", + "name":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.aarch64", + "name":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + 
}, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "name":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.aarch64", + "name":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "name":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.aarch64", + "name":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "name":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.aarch64", + "name":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.aarch64", + "name":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.aarch64", + "name":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "name":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "name":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-src-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.aarch64", + "name":"java-11-openjdk-src-11.0.24.8-0.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "name":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-11.0.24.8-0.oe2203sp3.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.src", + "name":"java-11-openjdk-11.0.24.8-0.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.x86_64", + "name":"java-11-openjdk-11.0.24.8-0.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + 
}, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.x86_64", + "name":"java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.x86_64", + "name":"java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.x86_64", + "name":"java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "name":"java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.x86_64", + "name":"java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "name":"java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.x86_64", + "name":"java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "name":"java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.x86_64", + "name":"java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.x86_64", + "name":"java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.x86_64", + "name":"java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "name":"java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "name":"java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-src-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.x86_64", + 
"name":"java-11-openjdk-src-11.0.24.8-0.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "name":"java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-21131", + "notes":[ + { + "text":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.x86_64" + ], + "details":"openjdk-11 security update", + "category":"vendor_fix", 
+ "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1909" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.7, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-21131" + }, + { + "cve":"CVE-2024-21138", + "notes":[ + { + "text":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.x86_64" + ], + "details":"openjdk-11 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1909" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.7, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-21138" + }, + { + "cve":"CVE-2024-21140", + "notes":[ + { + "text":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle 
GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.x86_64" + ], + "details":"openjdk-11 security update", + "category":"vendor_fix", 
+ "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1909" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.8, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21140" + }, + { + "cve":"CVE-2024-21144", + "notes":[ + { + "text":"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.x86_64" + ], + "details":"openjdk-11 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1909" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.7, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-21144" + }, + { + "cve":"CVE-2024-21145", + "notes":[ + { + "text":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). 
Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.x86_64" + ], + "details":"openjdk-11 security update", + "category":"vendor_fix", 
+ "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1909" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.8, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21145" + }, + { + "cve":"CVE-2024-21147", + "notes":[ + { + "text":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.x86_64" + ], + "details":"openjdk-11 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1909" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.4, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:java-11-openjdk-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-11.0.24.8-0.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" 
+ } + ], + "title":"CVE-2024-21147" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1910.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1910.json new file mode 100644 index 0000000..036cb1f --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1910.json 
@@ -0,0 +1,449 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"assimp security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for assimp is now available for openEuler-24.03-LTS", + "category":"general", + "title":"Summary" + }, + { + "text":"Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose.\n\nSecurity Fix(es):\n\nHeap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.(CVE-2024-40724)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for assimp is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of high. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"assimp", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1910", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1910" + }, + { + "summary":"CVE-2024-40724", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40724&packageName=assimp" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40724" + }, + { + "summary":"openEuler-SA-2024-1910 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1910.json" + } + ], + "title":"An update for assimp is now available for openEuler-24.03-LTS", + "tracking":{ + "initial_release_date":"2024-07-26T20:59:06+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:59:06+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:59:06+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-26T20:59:06+08:00", + "id":"openEuler-SA-2024-1910", + "version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + 
}, + "product_id":"openEuler-24.03-LTS", + "name":"openEuler-24.03-LTS" + }, + "name":"openEuler-24.03-LTS", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"assimp-5.3.1-3.oe2403.aarch64.rpm", + "name":"assimp-5.3.1-3.oe2403.aarch64.rpm" + }, + "name":"assimp-5.3.1-3.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"assimp-debuginfo-5.3.1-3.oe2403.aarch64.rpm", + "name":"assimp-debuginfo-5.3.1-3.oe2403.aarch64.rpm" + }, + "name":"assimp-debuginfo-5.3.1-3.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"assimp-debugsource-5.3.1-3.oe2403.aarch64.rpm", + "name":"assimp-debugsource-5.3.1-3.oe2403.aarch64.rpm" + }, + "name":"assimp-debugsource-5.3.1-3.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"assimp-devel-5.3.1-3.oe2403.aarch64.rpm", + "name":"assimp-devel-5.3.1-3.oe2403.aarch64.rpm" + }, + "name":"assimp-devel-5.3.1-3.oe2403.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"assimp-5.3.1-3.oe2403.src.rpm", + "name":"assimp-5.3.1-3.oe2403.src.rpm" + }, + "name":"assimp-5.3.1-3.oe2403.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + 
"product_id":"assimp-5.3.1-3.oe2403.x86_64.rpm", + "name":"assimp-5.3.1-3.oe2403.x86_64.rpm" + }, + "name":"assimp-5.3.1-3.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"assimp-debuginfo-5.3.1-3.oe2403.x86_64.rpm", + "name":"assimp-debuginfo-5.3.1-3.oe2403.x86_64.rpm" + }, + "name":"assimp-debuginfo-5.3.1-3.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"assimp-debugsource-5.3.1-3.oe2403.x86_64.rpm", + "name":"assimp-debugsource-5.3.1-3.oe2403.x86_64.rpm" + }, + "name":"assimp-debugsource-5.3.1-3.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"assimp-devel-5.3.1-3.oe2403.x86_64.rpm", + "name":"assimp-devel-5.3.1-3.oe2403.x86_64.rpm" + }, + "name":"assimp-devel-5.3.1-3.oe2403.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"noarch", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"assimp-help-5.3.1-3.oe2403.noarch.rpm", + "name":"assimp-help-5.3.1-3.oe2403.noarch.rpm" + }, + "name":"assimp-help-5.3.1-3.oe2403.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-assimp-5.3.1-3.oe2403.noarch.rpm", + "name":"python3-assimp-5.3.1-3.oe2403.noarch.rpm" + }, + "name":"python3-assimp-5.3.1-3.oe2403.noarch.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"assimp-5.3.1-3.oe2403.aarch64.rpm", 
+ "full_product_name":{ + "product_id":"openEuler-24.03-LTS:assimp-5.3.1-3.oe2403.aarch64", + "name":"assimp-5.3.1-3.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"assimp-debuginfo-5.3.1-3.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:assimp-debuginfo-5.3.1-3.oe2403.aarch64", + "name":"assimp-debuginfo-5.3.1-3.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"assimp-debugsource-5.3.1-3.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:assimp-debugsource-5.3.1-3.oe2403.aarch64", + "name":"assimp-debugsource-5.3.1-3.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"assimp-devel-5.3.1-3.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:assimp-devel-5.3.1-3.oe2403.aarch64", + "name":"assimp-devel-5.3.1-3.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"assimp-5.3.1-3.oe2403.src.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:assimp-5.3.1-3.oe2403.src", + "name":"assimp-5.3.1-3.oe2403.src as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"assimp-5.3.1-3.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:assimp-5.3.1-3.oe2403.x86_64", + "name":"assimp-5.3.1-3.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"assimp-debuginfo-5.3.1-3.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:assimp-debuginfo-5.3.1-3.oe2403.x86_64", + "name":"assimp-debuginfo-5.3.1-3.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"assimp-debugsource-5.3.1-3.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:assimp-debugsource-5.3.1-3.oe2403.x86_64", + "name":"assimp-debugsource-5.3.1-3.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"assimp-devel-5.3.1-3.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:assimp-devel-5.3.1-3.oe2403.x86_64", + "name":"assimp-devel-5.3.1-3.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"assimp-help-5.3.1-3.oe2403.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:assimp-help-5.3.1-3.oe2403.noarch", + "name":"assimp-help-5.3.1-3.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-assimp-5.3.1-3.oe2403.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-assimp-5.3.1-3.oe2403.noarch", + "name":"python3-assimp-5.3.1-3.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-40724", + "notes":[ + { + "text":"Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by 
inputting a specially crafted file into the product.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:assimp-5.3.1-3.oe2403.aarch64", + "openEuler-24.03-LTS:assimp-debuginfo-5.3.1-3.oe2403.aarch64", + "openEuler-24.03-LTS:assimp-debugsource-5.3.1-3.oe2403.aarch64", + "openEuler-24.03-LTS:assimp-devel-5.3.1-3.oe2403.aarch64", + "openEuler-24.03-LTS:assimp-5.3.1-3.oe2403.src", + "openEuler-24.03-LTS:assimp-5.3.1-3.oe2403.x86_64", + "openEuler-24.03-LTS:assimp-debuginfo-5.3.1-3.oe2403.x86_64", + "openEuler-24.03-LTS:assimp-debugsource-5.3.1-3.oe2403.x86_64", + "openEuler-24.03-LTS:assimp-devel-5.3.1-3.oe2403.x86_64", + "openEuler-24.03-LTS:assimp-help-5.3.1-3.oe2403.noarch", + "openEuler-24.03-LTS:python3-assimp-5.3.1-3.oe2403.noarch" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:assimp-5.3.1-3.oe2403.aarch64", + "openEuler-24.03-LTS:assimp-debuginfo-5.3.1-3.oe2403.aarch64", + "openEuler-24.03-LTS:assimp-debugsource-5.3.1-3.oe2403.aarch64", + "openEuler-24.03-LTS:assimp-devel-5.3.1-3.oe2403.aarch64", + "openEuler-24.03-LTS:assimp-5.3.1-3.oe2403.src", + "openEuler-24.03-LTS:assimp-5.3.1-3.oe2403.x86_64", + "openEuler-24.03-LTS:assimp-debuginfo-5.3.1-3.oe2403.x86_64", + "openEuler-24.03-LTS:assimp-debugsource-5.3.1-3.oe2403.x86_64", + "openEuler-24.03-LTS:assimp-devel-5.3.1-3.oe2403.x86_64", + "openEuler-24.03-LTS:assimp-help-5.3.1-3.oe2403.noarch", + "openEuler-24.03-LTS:python3-assimp-5.3.1-3.oe2403.noarch" + ], + "details":"assimp security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1910" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.8, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:assimp-5.3.1-3.oe2403.aarch64", + 
"openEuler-24.03-LTS:assimp-debuginfo-5.3.1-3.oe2403.aarch64", + "openEuler-24.03-LTS:assimp-debugsource-5.3.1-3.oe2403.aarch64", + "openEuler-24.03-LTS:assimp-devel-5.3.1-3.oe2403.aarch64", + "openEuler-24.03-LTS:assimp-5.3.1-3.oe2403.src", + "openEuler-24.03-LTS:assimp-5.3.1-3.oe2403.x86_64", + "openEuler-24.03-LTS:assimp-debuginfo-5.3.1-3.oe2403.x86_64", + "openEuler-24.03-LTS:assimp-debugsource-5.3.1-3.oe2403.x86_64", + "openEuler-24.03-LTS:assimp-devel-5.3.1-3.oe2403.x86_64", + "openEuler-24.03-LTS:assimp-help-5.3.1-3.oe2403.noarch", + "openEuler-24.03-LTS:python3-assimp-5.3.1-3.oe2403.noarch" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2024-40724" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1911.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1911.json new file mode 100644 index 0000000..0cef1e2 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1911.json 
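Review bot: In the new csaf-openEuler-SA-2024-1910.json, `document.distribution.tlp.url` is written as `https:/www.first.org/tlp/` with a single slash after the scheme, so a strict URI parser sees a path and no host; it should read `"url":"https://www.first.org/tlp/"`. The same value appears in the csaf-openEuler-SA-2024-1911.json hunk that follows, and since `tracking.generator` names openEuler CSAF Tool V1.0, the fix probably belongs in that generator rather than in each file. Separately, every package branch in `product_tree` carries the distribution CPE `cpe:/a:openEuler:openEuler:24.03-LTS` as its `product_identification_helper`, so a consumer matching on CPE cannot tell one rpm from another or from the OS itself. A per-package identifier such as a `purl` would make the `fixed` status machine-matchable.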
@@ -0,0 +1,449 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"assimp security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for assimp is now available for openEuler-22.03-LTS-SP4", + "category":"general", + "title":"Summary" + }, + { + "text":"Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose.\n\nSecurity Fix(es):\n\nHeap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.(CVE-2024-40724)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for assimp is now available for openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"assimp", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1911", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1911" + }, + { + "summary":"CVE-2024-40724", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40724&packageName=assimp" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40724" + }, + { + "summary":"openEuler-SA-2024-1911 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1911.json" + } + ], + "title":"An update for assimp is now available for openEuler-22.03-LTS-SP4", + "tracking":{ + "initial_release_date":"2024-07-26T20:59:07+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:59:07+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:59:07+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-26T20:59:07+08:00", + "id":"openEuler-SA-2024-1911", + "version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"openEuler-22.03-LTS-SP4", + "name":"openEuler-22.03-LTS-SP4" + }, + "name":"openEuler-22.03-LTS-SP4", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"assimp-5.2.4-2.oe2203sp4.aarch64.rpm", + "name":"assimp-5.2.4-2.oe2203sp4.aarch64.rpm" + }, + "name":"assimp-5.2.4-2.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"assimp-debuginfo-5.2.4-2.oe2203sp4.aarch64.rpm", + "name":"assimp-debuginfo-5.2.4-2.oe2203sp4.aarch64.rpm" + }, + "name":"assimp-debuginfo-5.2.4-2.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"assimp-debugsource-5.2.4-2.oe2203sp4.aarch64.rpm", + "name":"assimp-debugsource-5.2.4-2.oe2203sp4.aarch64.rpm" + }, + "name":"assimp-debugsource-5.2.4-2.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"assimp-devel-5.2.4-2.oe2203sp4.aarch64.rpm", + "name":"assimp-devel-5.2.4-2.oe2203sp4.aarch64.rpm" + }, + "name":"assimp-devel-5.2.4-2.oe2203sp4.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"assimp-5.2.4-2.oe2203sp4.src.rpm", + "name":"assimp-5.2.4-2.oe2203sp4.src.rpm" + }, + "name":"assimp-5.2.4-2.oe2203sp4.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + 
"name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"assimp-5.2.4-2.oe2203sp4.x86_64.rpm", + "name":"assimp-5.2.4-2.oe2203sp4.x86_64.rpm" + }, + "name":"assimp-5.2.4-2.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"assimp-debuginfo-5.2.4-2.oe2203sp4.x86_64.rpm", + "name":"assimp-debuginfo-5.2.4-2.oe2203sp4.x86_64.rpm" + }, + "name":"assimp-debuginfo-5.2.4-2.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"assimp-debugsource-5.2.4-2.oe2203sp4.x86_64.rpm", + "name":"assimp-debugsource-5.2.4-2.oe2203sp4.x86_64.rpm" + }, + "name":"assimp-debugsource-5.2.4-2.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"assimp-devel-5.2.4-2.oe2203sp4.x86_64.rpm", + "name":"assimp-devel-5.2.4-2.oe2203sp4.x86_64.rpm" + }, + "name":"assimp-devel-5.2.4-2.oe2203sp4.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"noarch", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"assimp-help-5.2.4-2.oe2203sp4.noarch.rpm", + "name":"assimp-help-5.2.4-2.oe2203sp4.noarch.rpm" + }, + "name":"assimp-help-5.2.4-2.oe2203sp4.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"python3-assimp-5.2.4-2.oe2203sp4.noarch.rpm", + "name":"python3-assimp-5.2.4-2.oe2203sp4.noarch.rpm" + }, + "name":"python3-assimp-5.2.4-2.oe2203sp4.noarch.rpm", + 
"category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"assimp-5.2.4-2.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:assimp-5.2.4-2.oe2203sp4.aarch64", + "name":"assimp-5.2.4-2.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"assimp-debuginfo-5.2.4-2.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:assimp-debuginfo-5.2.4-2.oe2203sp4.aarch64", + "name":"assimp-debuginfo-5.2.4-2.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"assimp-debugsource-5.2.4-2.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:assimp-debugsource-5.2.4-2.oe2203sp4.aarch64", + "name":"assimp-debugsource-5.2.4-2.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"assimp-devel-5.2.4-2.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:assimp-devel-5.2.4-2.oe2203sp4.aarch64", + "name":"assimp-devel-5.2.4-2.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"assimp-5.2.4-2.oe2203sp4.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:assimp-5.2.4-2.oe2203sp4.src", + "name":"assimp-5.2.4-2.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"assimp-5.2.4-2.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:assimp-5.2.4-2.oe2203sp4.x86_64", + "name":"assimp-5.2.4-2.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"assimp-debuginfo-5.2.4-2.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:assimp-debuginfo-5.2.4-2.oe2203sp4.x86_64", + "name":"assimp-debuginfo-5.2.4-2.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"assimp-debugsource-5.2.4-2.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:assimp-debugsource-5.2.4-2.oe2203sp4.x86_64", + "name":"assimp-debugsource-5.2.4-2.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"assimp-devel-5.2.4-2.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:assimp-devel-5.2.4-2.oe2203sp4.x86_64", + "name":"assimp-devel-5.2.4-2.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"assimp-help-5.2.4-2.oe2203sp4.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:assimp-help-5.2.4-2.oe2203sp4.noarch", + "name":"assimp-help-5.2.4-2.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"python3-assimp-5.2.4-2.oe2203sp4.noarch.rpm", + 
"full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:python3-assimp-5.2.4-2.oe2203sp4.noarch", + "name":"python3-assimp-5.2.4-2.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-40724", + "notes":[ + { + "text":"Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:assimp-5.2.4-2.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:assimp-debuginfo-5.2.4-2.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:assimp-debugsource-5.2.4-2.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:assimp-devel-5.2.4-2.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:assimp-5.2.4-2.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:assimp-5.2.4-2.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:assimp-debuginfo-5.2.4-2.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:assimp-debugsource-5.2.4-2.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:assimp-devel-5.2.4-2.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:assimp-help-5.2.4-2.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP4:python3-assimp-5.2.4-2.oe2203sp4.noarch" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:assimp-5.2.4-2.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:assimp-debuginfo-5.2.4-2.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:assimp-debugsource-5.2.4-2.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:assimp-devel-5.2.4-2.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:assimp-5.2.4-2.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:assimp-5.2.4-2.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:assimp-debuginfo-5.2.4-2.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:assimp-debugsource-5.2.4-2.oe2203sp4.x86_64", + 
"openEuler-22.03-LTS-SP4:assimp-devel-5.2.4-2.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:assimp-help-5.2.4-2.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP4:python3-assimp-5.2.4-2.oe2203sp4.noarch" + ], + "details":"assimp security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1911" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.8, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:assimp-5.2.4-2.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:assimp-debuginfo-5.2.4-2.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:assimp-debugsource-5.2.4-2.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:assimp-devel-5.2.4-2.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:assimp-5.2.4-2.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:assimp-5.2.4-2.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:assimp-debuginfo-5.2.4-2.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:assimp-debugsource-5.2.4-2.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:assimp-devel-5.2.4-2.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:assimp-help-5.2.4-2.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP4:python3-assimp-5.2.4-2.oe2203sp4.noarch" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2024-40724" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1912.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1912.json new file mode 100644 index 0000000..4de1fcc --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1912.json 
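Review bot: The `distribution.tlp.url` value in this new file is `https:/www.first.org/tlp/`, with a single slash after the scheme, so the URI has no host component and does not point at the FIRST TLP page. It should read `"url":"https://www.first.org/tlp/"`. The same string appears in the csaf-openEuler-SA-2024-1912.json and csaf-openEuler-SA-2024-1913.json hunks. All three files name `openEuler CSAF Tool V1.0` as their generator, so the correction probably belongs in the generator's template rather than in each advisory; this is inferred, because the tool itself is not part of the patch.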
@@ -0,0 +1,449 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"assimp security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for assimp is now available for openEuler-22.03-LTS-SP3", + "category":"general", + "title":"Summary" + }, + { + "text":"Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose.\n\nSecurity Fix(es):\n\nHeap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.(CVE-2024-40724)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for assimp is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of high. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"assimp", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1912", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1912" + }, + { + "summary":"CVE-2024-40724", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40724&packageName=assimp" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40724" + }, + { + "summary":"openEuler-SA-2024-1912 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1912.json" + } + ], + "title":"An update for assimp is now available for openEuler-22.03-LTS-SP3", + "tracking":{ + "initial_release_date":"2024-07-26T20:59:08+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:59:08+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:59:08+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-26T20:59:08+08:00", + "id":"openEuler-SA-2024-1912", + "version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openEuler-22.03-LTS-SP3", + "name":"openEuler-22.03-LTS-SP3" + }, + "name":"openEuler-22.03-LTS-SP3", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"assimp-5.2.4-2.oe2203sp3.aarch64.rpm", + "name":"assimp-5.2.4-2.oe2203sp3.aarch64.rpm" + }, + "name":"assimp-5.2.4-2.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"assimp-debuginfo-5.2.4-2.oe2203sp3.aarch64.rpm", + "name":"assimp-debuginfo-5.2.4-2.oe2203sp3.aarch64.rpm" + }, + "name":"assimp-debuginfo-5.2.4-2.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"assimp-debugsource-5.2.4-2.oe2203sp3.aarch64.rpm", + "name":"assimp-debugsource-5.2.4-2.oe2203sp3.aarch64.rpm" + }, + "name":"assimp-debugsource-5.2.4-2.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"assimp-devel-5.2.4-2.oe2203sp3.aarch64.rpm", + "name":"assimp-devel-5.2.4-2.oe2203sp3.aarch64.rpm" + }, + "name":"assimp-devel-5.2.4-2.oe2203sp3.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"assimp-5.2.4-2.oe2203sp3.src.rpm", + "name":"assimp-5.2.4-2.oe2203sp3.src.rpm" + }, + "name":"assimp-5.2.4-2.oe2203sp3.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + 
"name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"assimp-5.2.4-2.oe2203sp3.x86_64.rpm", + "name":"assimp-5.2.4-2.oe2203sp3.x86_64.rpm" + }, + "name":"assimp-5.2.4-2.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"assimp-debuginfo-5.2.4-2.oe2203sp3.x86_64.rpm", + "name":"assimp-debuginfo-5.2.4-2.oe2203sp3.x86_64.rpm" + }, + "name":"assimp-debuginfo-5.2.4-2.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"assimp-debugsource-5.2.4-2.oe2203sp3.x86_64.rpm", + "name":"assimp-debugsource-5.2.4-2.oe2203sp3.x86_64.rpm" + }, + "name":"assimp-debugsource-5.2.4-2.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"assimp-devel-5.2.4-2.oe2203sp3.x86_64.rpm", + "name":"assimp-devel-5.2.4-2.oe2203sp3.x86_64.rpm" + }, + "name":"assimp-devel-5.2.4-2.oe2203sp3.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"noarch", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"assimp-help-5.2.4-2.oe2203sp3.noarch.rpm", + "name":"assimp-help-5.2.4-2.oe2203sp3.noarch.rpm" + }, + "name":"assimp-help-5.2.4-2.oe2203sp3.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"python3-assimp-5.2.4-2.oe2203sp3.noarch.rpm", + "name":"python3-assimp-5.2.4-2.oe2203sp3.noarch.rpm" + }, + "name":"python3-assimp-5.2.4-2.oe2203sp3.noarch.rpm", + 
"category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"assimp-5.2.4-2.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:assimp-5.2.4-2.oe2203sp3.aarch64", + "name":"assimp-5.2.4-2.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"assimp-debuginfo-5.2.4-2.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:assimp-debuginfo-5.2.4-2.oe2203sp3.aarch64", + "name":"assimp-debuginfo-5.2.4-2.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"assimp-debugsource-5.2.4-2.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:assimp-debugsource-5.2.4-2.oe2203sp3.aarch64", + "name":"assimp-debugsource-5.2.4-2.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"assimp-devel-5.2.4-2.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:assimp-devel-5.2.4-2.oe2203sp3.aarch64", + "name":"assimp-devel-5.2.4-2.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"assimp-5.2.4-2.oe2203sp3.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:assimp-5.2.4-2.oe2203sp3.src", + "name":"assimp-5.2.4-2.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"assimp-5.2.4-2.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:assimp-5.2.4-2.oe2203sp3.x86_64", + "name":"assimp-5.2.4-2.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"assimp-debuginfo-5.2.4-2.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:assimp-debuginfo-5.2.4-2.oe2203sp3.x86_64", + "name":"assimp-debuginfo-5.2.4-2.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"assimp-debugsource-5.2.4-2.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:assimp-debugsource-5.2.4-2.oe2203sp3.x86_64", + "name":"assimp-debugsource-5.2.4-2.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"assimp-devel-5.2.4-2.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:assimp-devel-5.2.4-2.oe2203sp3.x86_64", + "name":"assimp-devel-5.2.4-2.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"assimp-help-5.2.4-2.oe2203sp3.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:assimp-help-5.2.4-2.oe2203sp3.noarch", + "name":"assimp-help-5.2.4-2.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"python3-assimp-5.2.4-2.oe2203sp3.noarch.rpm", + 
"full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:python3-assimp-5.2.4-2.oe2203sp3.noarch", + "name":"python3-assimp-5.2.4-2.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-40724", + "notes":[ + { + "text":"Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:assimp-5.2.4-2.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:assimp-debuginfo-5.2.4-2.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:assimp-debugsource-5.2.4-2.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:assimp-devel-5.2.4-2.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:assimp-5.2.4-2.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:assimp-5.2.4-2.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:assimp-debuginfo-5.2.4-2.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:assimp-debugsource-5.2.4-2.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:assimp-devel-5.2.4-2.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:assimp-help-5.2.4-2.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:python3-assimp-5.2.4-2.oe2203sp3.noarch" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:assimp-5.2.4-2.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:assimp-debuginfo-5.2.4-2.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:assimp-debugsource-5.2.4-2.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:assimp-devel-5.2.4-2.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:assimp-5.2.4-2.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:assimp-5.2.4-2.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:assimp-debuginfo-5.2.4-2.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:assimp-debugsource-5.2.4-2.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:assimp-devel-5.2.4-2.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:assimp-help-5.2.4-2.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:python3-assimp-5.2.4-2.oe2203sp3.noarch" + ], + "details":"assimp security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1912" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.8, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:assimp-5.2.4-2.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:assimp-debuginfo-5.2.4-2.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:assimp-debugsource-5.2.4-2.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:assimp-devel-5.2.4-2.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:assimp-5.2.4-2.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:assimp-5.2.4-2.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:assimp-debuginfo-5.2.4-2.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:assimp-debugsource-5.2.4-2.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:assimp-devel-5.2.4-2.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:assimp-help-5.2.4-2.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:python3-assimp-5.2.4-2.oe2203sp3.noarch" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2024-40724" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1913.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1913.json new file mode 100644 index 0000000..b404c89 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1913.json 
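Review bot: In `product_tree`, the `aarch64`, `src`, `x86_64` and `noarch` branches are tagged `"category":"product_name"`, and every rpm beneath them carries the distribution-wide helper `cpe:/a:openEuler:openEuler:22.03-LTS-SP3`, so no package has a machine-matchable identifier of its own. CSAF 2.0 defines an `architecture` branch category for that level (`"category":"architecture"`), and a per-package `purl` in `product_identification_helper` would let a scanner match the installed rpm rather than parse the `product_id` string. This matters for this advisory because the vulnerability note cites upstream "versions prior to 5.4.2" while the fixed build listed is 5.2.4-2, so a consumer that cannot resolve the product may fall back to version comparison and report the patched package as still vulnerable. The csaf-openEuler-SA-2024-1911.json hunk has the same structure.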
@@ -0,0 +1,449 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"assimp security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for assimp is now available for openEuler-22.03-LTS-SP1", + "category":"general", + "title":"Summary" + }, + { + "text":"Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose.\n\nSecurity Fix(es):\n\nHeap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.(CVE-2024-40724)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for assimp is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"assimp", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1913", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1913" + }, + { + "summary":"CVE-2024-40724", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40724&packageName=assimp" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40724" + }, + { + "summary":"openEuler-SA-2024-1913 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1913.json" + } + ], + "title":"An update for assimp is now available for openEuler-22.03-LTS-SP1", + "tracking":{ + "initial_release_date":"2024-07-26T20:59:09+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:59:09+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:59:09+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-26T20:59:09+08:00", + "id":"openEuler-SA-2024-1913", + "version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"openEuler-22.03-LTS-SP1", + "name":"openEuler-22.03-LTS-SP1" + }, + "name":"openEuler-22.03-LTS-SP1", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"assimp-5.2.4-2.oe2203sp1.aarch64.rpm", + "name":"assimp-5.2.4-2.oe2203sp1.aarch64.rpm" + }, + "name":"assimp-5.2.4-2.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"assimp-debuginfo-5.2.4-2.oe2203sp1.aarch64.rpm", + "name":"assimp-debuginfo-5.2.4-2.oe2203sp1.aarch64.rpm" + }, + "name":"assimp-debuginfo-5.2.4-2.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"assimp-debugsource-5.2.4-2.oe2203sp1.aarch64.rpm", + "name":"assimp-debugsource-5.2.4-2.oe2203sp1.aarch64.rpm" + }, + "name":"assimp-debugsource-5.2.4-2.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"assimp-devel-5.2.4-2.oe2203sp1.aarch64.rpm", + "name":"assimp-devel-5.2.4-2.oe2203sp1.aarch64.rpm" + }, + "name":"assimp-devel-5.2.4-2.oe2203sp1.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"assimp-5.2.4-2.oe2203sp1.src.rpm", + "name":"assimp-5.2.4-2.oe2203sp1.src.rpm" + }, + "name":"assimp-5.2.4-2.oe2203sp1.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + 
"name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"assimp-5.2.4-2.oe2203sp1.x86_64.rpm", + "name":"assimp-5.2.4-2.oe2203sp1.x86_64.rpm" + }, + "name":"assimp-5.2.4-2.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"assimp-debuginfo-5.2.4-2.oe2203sp1.x86_64.rpm", + "name":"assimp-debuginfo-5.2.4-2.oe2203sp1.x86_64.rpm" + }, + "name":"assimp-debuginfo-5.2.4-2.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"assimp-debugsource-5.2.4-2.oe2203sp1.x86_64.rpm", + "name":"assimp-debugsource-5.2.4-2.oe2203sp1.x86_64.rpm" + }, + "name":"assimp-debugsource-5.2.4-2.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"assimp-devel-5.2.4-2.oe2203sp1.x86_64.rpm", + "name":"assimp-devel-5.2.4-2.oe2203sp1.x86_64.rpm" + }, + "name":"assimp-devel-5.2.4-2.oe2203sp1.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"noarch", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"assimp-help-5.2.4-2.oe2203sp1.noarch.rpm", + "name":"assimp-help-5.2.4-2.oe2203sp1.noarch.rpm" + }, + "name":"assimp-help-5.2.4-2.oe2203sp1.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"python3-assimp-5.2.4-2.oe2203sp1.noarch.rpm", + "name":"python3-assimp-5.2.4-2.oe2203sp1.noarch.rpm" + }, + "name":"python3-assimp-5.2.4-2.oe2203sp1.noarch.rpm", + 
"category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"assimp-5.2.4-2.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:assimp-5.2.4-2.oe2203sp1.aarch64", + "name":"assimp-5.2.4-2.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"assimp-debuginfo-5.2.4-2.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:assimp-debuginfo-5.2.4-2.oe2203sp1.aarch64", + "name":"assimp-debuginfo-5.2.4-2.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"assimp-debugsource-5.2.4-2.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:assimp-debugsource-5.2.4-2.oe2203sp1.aarch64", + "name":"assimp-debugsource-5.2.4-2.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"assimp-devel-5.2.4-2.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:assimp-devel-5.2.4-2.oe2203sp1.aarch64", + "name":"assimp-devel-5.2.4-2.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"assimp-5.2.4-2.oe2203sp1.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:assimp-5.2.4-2.oe2203sp1.src", + "name":"assimp-5.2.4-2.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"assimp-5.2.4-2.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:assimp-5.2.4-2.oe2203sp1.x86_64", + "name":"assimp-5.2.4-2.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"assimp-debuginfo-5.2.4-2.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:assimp-debuginfo-5.2.4-2.oe2203sp1.x86_64", + "name":"assimp-debuginfo-5.2.4-2.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"assimp-debugsource-5.2.4-2.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:assimp-debugsource-5.2.4-2.oe2203sp1.x86_64", + "name":"assimp-debugsource-5.2.4-2.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"assimp-devel-5.2.4-2.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:assimp-devel-5.2.4-2.oe2203sp1.x86_64", + "name":"assimp-devel-5.2.4-2.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"assimp-help-5.2.4-2.oe2203sp1.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:assimp-help-5.2.4-2.oe2203sp1.noarch", + "name":"assimp-help-5.2.4-2.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"python3-assimp-5.2.4-2.oe2203sp1.noarch.rpm", + 
"full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:python3-assimp-5.2.4-2.oe2203sp1.noarch", + "name":"python3-assimp-5.2.4-2.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-40724", + "notes":[ + { + "text":"Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:assimp-5.2.4-2.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:assimp-debuginfo-5.2.4-2.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:assimp-debugsource-5.2.4-2.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:assimp-devel-5.2.4-2.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:assimp-5.2.4-2.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:assimp-5.2.4-2.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:assimp-debuginfo-5.2.4-2.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:assimp-debugsource-5.2.4-2.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:assimp-devel-5.2.4-2.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:assimp-help-5.2.4-2.oe2203sp1.noarch", + "openEuler-22.03-LTS-SP1:python3-assimp-5.2.4-2.oe2203sp1.noarch" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:assimp-5.2.4-2.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:assimp-debuginfo-5.2.4-2.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:assimp-debugsource-5.2.4-2.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:assimp-devel-5.2.4-2.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:assimp-5.2.4-2.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:assimp-5.2.4-2.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:assimp-debuginfo-5.2.4-2.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:assimp-debugsource-5.2.4-2.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:assimp-devel-5.2.4-2.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:assimp-help-5.2.4-2.oe2203sp1.noarch", + "openEuler-22.03-LTS-SP1:python3-assimp-5.2.4-2.oe2203sp1.noarch" + ], + "details":"assimp security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1913" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.8, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:assimp-5.2.4-2.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:assimp-debuginfo-5.2.4-2.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:assimp-debugsource-5.2.4-2.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:assimp-devel-5.2.4-2.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:assimp-5.2.4-2.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:assimp-5.2.4-2.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:assimp-debuginfo-5.2.4-2.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:assimp-debugsource-5.2.4-2.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:assimp-devel-5.2.4-2.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:assimp-help-5.2.4-2.oe2203sp1.noarch", + "openEuler-22.03-LTS-SP1:python3-assimp-5.2.4-2.oe2203sp1.noarch" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2024-40724" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1914.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1914.json new file mode 100644 index 0000000..7fd17b2 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1914.json 
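Review bot: In `document.distribution.tlp` of the new csaf-openEuler-SA-2024-1913.json the TLP link is written `"url":"https:/www.first.org/tlp/"`, with a single slash after the scheme, so it does not point at FIRST's TLP page; it should read `"url":"https://www.first.org/tlp/"`. The same value appears in the header of csaf-openEuler-SA-2024-1914.json, which suggests the fix belongs in the generator template rather than in each file. Every `product_identification_helper` in the product tree, including the per-RPM branches, carries the distribution-wide `cpe:/a:openEuler:openEuler:22.03-LTS-SP1`, so a consumer matching on CPE cannot tell the assimp packages from the release itself; a per-package identifier such as a `purl` would presumably serve matching better. The vulnerability note says Assimp before 5.4.2 is affected while the `fixed` list names 5.2.4-2 builds, which looks like a backported patch, so scanners that compare upstream version numbers will keep flagging these packages unless they honour `product_status.fixed`.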
@@ -0,0 +1,1505 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Critical" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"edk2 security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for edk2 is now available for openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4", + "category":"general", + "title":"Summary" + }, + { + "text":"EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications.\n\nSecurity Fix(es):\n\nIssue summary: Calling the OpenSSL API function SSL_select_next_proto with an\nempty supported client protocols buffer may cause a crash or memory contents to\nbe sent to the peer.\n\nImpact summary: A buffer overread can have a range of potential consequences\nsuch as unexpected application beahviour or a crash. In particular this issue\ncould result in up to 255 bytes of arbitrary private data from memory being sent\nto the peer leading to a loss of confidentiality. However, only applications\nthat directly call the SSL_select_next_proto function with a 0 length list of\nsupported client protocols are affected by this issue. This would normally never\nbe a valid scenario and is typically not under attacker control but may occur by\naccident in the case of a configuration or programming error in the calling\napplication.\n\nThe OpenSSL API function SSL_select_next_proto is typically used by TLS\napplications that support ALPN (Application Layer Protocol Negotiation) or NPN\n(Next Protocol Negotiation). NPN is older, was never standardised and\nis deprecated in favour of ALPN. We believe that ALPN is significantly more\nwidely deployed than NPN. 
The SSL_select_next_proto function accepts a list of\nprotocols from the server and a list of protocols from the client and returns\nthe first protocol that appears in the server list that also appears in the\nclient list. In the case of no overlap between the two lists it returns the\nfirst item in the client list. In either case it will signal whether an overlap\nbetween the two lists was found. In the case where SSL_select_next_proto is\ncalled with a zero length client list it fails to notice this condition and\nreturns the memory immediately following the client list pointer (and reports\nthat there was no overlap in the lists).\n\nThis function is typically called from a server side application callback for\nALPN or a client side application callback for NPN. In the case of ALPN the list\nof protocols supplied by the client is guaranteed by libssl to never be zero in\nlength. The list of server protocols comes from the application and should never\nnormally be expected to be of zero length. In this case if the\nSSL_select_next_proto function has been called as expected (with the list\nsupplied by the client passed in the client/client_len parameters), then the\napplication will not be vulnerable to this issue. If the application has\naccidentally been configured with a zero length server list, and has\naccidentally passed that zero length server list in the client/client_len\nparameters, and has additionally failed to correctly handle a \"no overlap\"\nresponse (which would normally result in a handshake failure in ALPN) then it\nwill be vulnerable to this problem.\n\nIn the case of NPN, the protocol permits the client to opportunistically select\na protocol when there is no overlap. OpenSSL returns the first client protocol\nin the no overlap case in support of this. 
The list of client protocols comes\nfrom the application and should never normally be expected to be of zero length.\nHowever if the SSL_select_next_proto function is accidentally called with a\nclient_len of 0 then an invalid memory pointer will be returned instead. If the\napplication uses this output as the opportunistic protocol then the loss of\nconfidentiality will occur.\n\nThis issue has been assessed as Low severity because applications are most\nlikely to be vulnerable if they are using NPN instead of ALPN - but NPN is not\nwidely used. It also requires an application configuration or programming error.\nFinally, this issue would not typically be under attacker control making active\nexploitation unlikely.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\nDue to the low severity of this issue we are not issuing new releases of\nOpenSSL at this time. The fix will be included in the next releases when they\nbecome available.(CVE-2024-5535)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for edk2 is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of critical. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Critical", + "category":"general", + "title":"Severity" + }, + { + "text":"edk2", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1914", + "category":"self", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1914" + }, + { + "summary":"CVE-2024-5535", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-5535&packageName=edk2" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-5535" + }, + { + "summary":"openEuler-SA-2024-1914 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1914.json" + } + ], + "title":"An update for edk2 is now available for openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4", + "tracking":{ + "initial_release_date":"2024-07-26T20:59:10+08:00", + "revision_history":[ + { + "date":"2024-07-26T20:59:10+08:00", + "summary":"Initial", + "number":"1.0.0" + } + ], + "generator":{ + "date":"2024-07-26T20:59:10+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-07-26T20:59:10+08:00", + "id":"openEuler-SA-2024-1914", + "version":"1.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + 
"product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openEuler-22.03-LTS-SP3", + "name":"openEuler-22.03-LTS-SP3" + }, + "name":"openEuler-22.03-LTS-SP3", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"openEuler-20.03-LTS-SP4", + "name":"openEuler-20.03-LTS-SP4" + }, + "name":"openEuler-20.03-LTS-SP4", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"openEuler-22.03-LTS-SP1", + "name":"openEuler-22.03-LTS-SP1" + }, + "name":"openEuler-22.03-LTS-SP1", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openEuler-24.03-LTS", + "name":"openEuler-24.03-LTS" + }, + "name":"openEuler-24.03-LTS", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"openEuler-22.03-LTS-SP4", + "name":"openEuler-22.03-LTS-SP4" + }, + "name":"openEuler-22.03-LTS-SP4", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"edk2-202011-19.oe2203sp3.src.rpm", + "name":"edk2-202011-19.oe2203sp3.src.rpm" + }, + "name":"edk2-202011-19.oe2203sp3.src.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"edk2-202002-23.oe2003sp4.src.rpm", + "name":"edk2-202002-23.oe2003sp4.src.rpm" + }, + "name":"edk2-202002-23.oe2003sp4.src.rpm", + "category":"product_version" + }, + { + "product":{ + 
"product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"edk2-202011-19.oe2203sp1.src.rpm", + "name":"edk2-202011-19.oe2203sp1.src.rpm" + }, + "name":"edk2-202011-19.oe2203sp1.src.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"edk2-202308-9.oe2403.src.rpm", + "name":"edk2-202308-9.oe2403.src.rpm" + }, + "name":"edk2-202308-9.oe2403.src.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"edk2-202011-19.oe2203sp4.src.rpm", + "name":"edk2-202011-19.oe2203sp4.src.rpm" + }, + "name":"edk2-202011-19.oe2203sp4.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"noarch", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"edk2-aarch64-202011-19.oe2203sp3.noarch.rpm", + "name":"edk2-aarch64-202011-19.oe2203sp3.noarch.rpm" + }, + "name":"edk2-aarch64-202011-19.oe2203sp3.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"edk2-help-202011-19.oe2203sp3.noarch.rpm", + "name":"edk2-help-202011-19.oe2203sp3.noarch.rpm" + }, + "name":"edk2-help-202011-19.oe2203sp3.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"edk2-ovmf-202011-19.oe2203sp3.noarch.rpm", + "name":"edk2-ovmf-202011-19.oe2203sp3.noarch.rpm" + }, + "name":"edk2-ovmf-202011-19.oe2203sp3.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + 
"product_id":"python3-edk2-devel-202011-19.oe2203sp3.noarch.rpm", + "name":"python3-edk2-devel-202011-19.oe2203sp3.noarch.rpm" + }, + "name":"python3-edk2-devel-202011-19.oe2203sp3.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"edk2-aarch64-202002-23.oe2003sp4.noarch.rpm", + "name":"edk2-aarch64-202002-23.oe2003sp4.noarch.rpm" + }, + "name":"edk2-aarch64-202002-23.oe2003sp4.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"edk2-help-202002-23.oe2003sp4.noarch.rpm", + "name":"edk2-help-202002-23.oe2003sp4.noarch.rpm" + }, + "name":"edk2-help-202002-23.oe2003sp4.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"edk2-ovmf-202002-23.oe2003sp4.noarch.rpm", + "name":"edk2-ovmf-202002-23.oe2003sp4.noarch.rpm" + }, + "name":"edk2-ovmf-202002-23.oe2003sp4.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"python3-edk2-devel-202002-23.oe2003sp4.noarch.rpm", + "name":"python3-edk2-devel-202002-23.oe2003sp4.noarch.rpm" + }, + "name":"python3-edk2-devel-202002-23.oe2003sp4.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"edk2-aarch64-202011-19.oe2203sp1.noarch.rpm", + "name":"edk2-aarch64-202011-19.oe2203sp1.noarch.rpm" + }, + "name":"edk2-aarch64-202011-19.oe2203sp1.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + 
"product_id":"edk2-help-202011-19.oe2203sp1.noarch.rpm", + "name":"edk2-help-202011-19.oe2203sp1.noarch.rpm" + }, + "name":"edk2-help-202011-19.oe2203sp1.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"edk2-ovmf-202011-19.oe2203sp1.noarch.rpm", + "name":"edk2-ovmf-202011-19.oe2203sp1.noarch.rpm" + }, + "name":"edk2-ovmf-202011-19.oe2203sp1.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"python3-edk2-devel-202011-19.oe2203sp1.noarch.rpm", + "name":"python3-edk2-devel-202011-19.oe2203sp1.noarch.rpm" + }, + "name":"python3-edk2-devel-202011-19.oe2203sp1.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"edk2-aarch64-202308-9.oe2403.noarch.rpm", + "name":"edk2-aarch64-202308-9.oe2403.noarch.rpm" + }, + "name":"edk2-aarch64-202308-9.oe2403.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"edk2-help-202308-9.oe2403.noarch.rpm", + "name":"edk2-help-202308-9.oe2403.noarch.rpm" + }, + "name":"edk2-help-202308-9.oe2403.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"edk2-ovmf-202308-9.oe2403.noarch.rpm", + "name":"edk2-ovmf-202308-9.oe2403.noarch.rpm" + }, + "name":"edk2-ovmf-202308-9.oe2403.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-edk2-devel-202308-9.oe2403.noarch.rpm", + "name":"python3-edk2-devel-202308-9.oe2403.noarch.rpm" + }, + 
"name":"python3-edk2-devel-202308-9.oe2403.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"edk2-aarch64-202011-19.oe2203sp4.noarch.rpm", + "name":"edk2-aarch64-202011-19.oe2203sp4.noarch.rpm" + }, + "name":"edk2-aarch64-202011-19.oe2203sp4.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"edk2-help-202011-19.oe2203sp4.noarch.rpm", + "name":"edk2-help-202011-19.oe2203sp4.noarch.rpm" + }, + "name":"edk2-help-202011-19.oe2203sp4.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"edk2-ovmf-202011-19.oe2203sp4.noarch.rpm", + "name":"edk2-ovmf-202011-19.oe2203sp4.noarch.rpm" + }, + "name":"edk2-ovmf-202011-19.oe2203sp4.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"python3-edk2-devel-202011-19.oe2203sp4.noarch.rpm", + "name":"python3-edk2-devel-202011-19.oe2203sp4.noarch.rpm" + }, + "name":"python3-edk2-devel-202011-19.oe2203sp4.noarch.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"edk2-debuginfo-202011-19.oe2203sp3.aarch64.rpm", + "name":"edk2-debuginfo-202011-19.oe2203sp3.aarch64.rpm" + }, + "name":"edk2-debuginfo-202011-19.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"edk2-debugsource-202011-19.oe2203sp3.aarch64.rpm", + 
"name":"edk2-debugsource-202011-19.oe2203sp3.aarch64.rpm" + }, + "name":"edk2-debugsource-202011-19.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"edk2-devel-202011-19.oe2203sp3.aarch64.rpm", + "name":"edk2-devel-202011-19.oe2203sp3.aarch64.rpm" + }, + "name":"edk2-devel-202011-19.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"edk2-debuginfo-202002-23.oe2003sp4.aarch64.rpm", + "name":"edk2-debuginfo-202002-23.oe2003sp4.aarch64.rpm" + }, + "name":"edk2-debuginfo-202002-23.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"edk2-debugsource-202002-23.oe2003sp4.aarch64.rpm", + "name":"edk2-debugsource-202002-23.oe2003sp4.aarch64.rpm" + }, + "name":"edk2-debugsource-202002-23.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"edk2-devel-202002-23.oe2003sp4.aarch64.rpm", + "name":"edk2-devel-202002-23.oe2003sp4.aarch64.rpm" + }, + "name":"edk2-devel-202002-23.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"edk2-debuginfo-202011-19.oe2203sp1.aarch64.rpm", + "name":"edk2-debuginfo-202011-19.oe2203sp1.aarch64.rpm" + }, + "name":"edk2-debuginfo-202011-19.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"edk2-debugsource-202011-19.oe2203sp1.aarch64.rpm", + 
"name":"edk2-debugsource-202011-19.oe2203sp1.aarch64.rpm" + }, + "name":"edk2-debugsource-202011-19.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"edk2-devel-202011-19.oe2203sp1.aarch64.rpm", + "name":"edk2-devel-202011-19.oe2203sp1.aarch64.rpm" + }, + "name":"edk2-devel-202011-19.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"edk2-debuginfo-202308-9.oe2403.aarch64.rpm", + "name":"edk2-debuginfo-202308-9.oe2403.aarch64.rpm" + }, + "name":"edk2-debuginfo-202308-9.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"edk2-debugsource-202308-9.oe2403.aarch64.rpm", + "name":"edk2-debugsource-202308-9.oe2403.aarch64.rpm" + }, + "name":"edk2-debugsource-202308-9.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"edk2-devel-202308-9.oe2403.aarch64.rpm", + "name":"edk2-devel-202308-9.oe2403.aarch64.rpm" + }, + "name":"edk2-devel-202308-9.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"edk2-debuginfo-202011-19.oe2203sp4.aarch64.rpm", + "name":"edk2-debuginfo-202011-19.oe2203sp4.aarch64.rpm" + }, + "name":"edk2-debuginfo-202011-19.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"edk2-debugsource-202011-19.oe2203sp4.aarch64.rpm", + "name":"edk2-debugsource-202011-19.oe2203sp4.aarch64.rpm" + 
}, + "name":"edk2-debugsource-202011-19.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"edk2-devel-202011-19.oe2203sp4.aarch64.rpm", + "name":"edk2-devel-202011-19.oe2203sp4.aarch64.rpm" + }, + "name":"edk2-devel-202011-19.oe2203sp4.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"edk2-debuginfo-202011-19.oe2203sp3.x86_64.rpm", + "name":"edk2-debuginfo-202011-19.oe2203sp3.x86_64.rpm" + }, + "name":"edk2-debuginfo-202011-19.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"edk2-debugsource-202011-19.oe2203sp3.x86_64.rpm", + "name":"edk2-debugsource-202011-19.oe2203sp3.x86_64.rpm" + }, + "name":"edk2-debugsource-202011-19.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"edk2-devel-202011-19.oe2203sp3.x86_64.rpm", + "name":"edk2-devel-202011-19.oe2203sp3.x86_64.rpm" + }, + "name":"edk2-devel-202011-19.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"edk2-debuginfo-202002-23.oe2003sp4.x86_64.rpm", + "name":"edk2-debuginfo-202002-23.oe2003sp4.x86_64.rpm" + }, + "name":"edk2-debuginfo-202002-23.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"edk2-debugsource-202002-23.oe2003sp4.x86_64.rpm", + 
"name":"edk2-debugsource-202002-23.oe2003sp4.x86_64.rpm" + }, + "name":"edk2-debugsource-202002-23.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"edk2-devel-202002-23.oe2003sp4.x86_64.rpm", + "name":"edk2-devel-202002-23.oe2003sp4.x86_64.rpm" + }, + "name":"edk2-devel-202002-23.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"edk2-debuginfo-202011-19.oe2203sp1.x86_64.rpm", + "name":"edk2-debuginfo-202011-19.oe2203sp1.x86_64.rpm" + }, + "name":"edk2-debuginfo-202011-19.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"edk2-debugsource-202011-19.oe2203sp1.x86_64.rpm", + "name":"edk2-debugsource-202011-19.oe2203sp1.x86_64.rpm" + }, + "name":"edk2-debugsource-202011-19.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"edk2-devel-202011-19.oe2203sp1.x86_64.rpm", + "name":"edk2-devel-202011-19.oe2203sp1.x86_64.rpm" + }, + "name":"edk2-devel-202011-19.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"edk2-debuginfo-202308-9.oe2403.x86_64.rpm", + "name":"edk2-debuginfo-202308-9.oe2403.x86_64.rpm" + }, + "name":"edk2-debuginfo-202308-9.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"edk2-debugsource-202308-9.oe2403.x86_64.rpm", + "name":"edk2-debugsource-202308-9.oe2403.x86_64.rpm" + 
}, + "name":"edk2-debugsource-202308-9.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"edk2-devel-202308-9.oe2403.x86_64.rpm", + "name":"edk2-devel-202308-9.oe2403.x86_64.rpm" + }, + "name":"edk2-devel-202308-9.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"edk2-debuginfo-202011-19.oe2203sp4.x86_64.rpm", + "name":"edk2-debuginfo-202011-19.oe2203sp4.x86_64.rpm" + }, + "name":"edk2-debuginfo-202011-19.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"edk2-debugsource-202011-19.oe2203sp4.x86_64.rpm", + "name":"edk2-debugsource-202011-19.oe2203sp4.x86_64.rpm" + }, + "name":"edk2-debugsource-202011-19.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"edk2-devel-202011-19.oe2203sp4.x86_64.rpm", + "name":"edk2-devel-202011-19.oe2203sp4.x86_64.rpm" + }, + "name":"edk2-devel-202011-19.oe2203sp4.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"edk2-202011-19.oe2203sp3.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:edk2-202011-19.oe2203sp3.src", + "name":"edk2-202011-19.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"edk2-202002-23.oe2003sp4.src.rpm", + "full_product_name":{ + 
"product_id":"openEuler-20.03-LTS-SP4:edk2-202002-23.oe2003sp4.src", + "name":"edk2-202002-23.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"edk2-202011-19.oe2203sp1.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:edk2-202011-19.oe2203sp1.src", + "name":"edk2-202011-19.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"edk2-202308-9.oe2403.src.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:edk2-202308-9.oe2403.src", + "name":"edk2-202308-9.oe2403.src as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"edk2-202011-19.oe2203sp4.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:edk2-202011-19.oe2203sp4.src", + "name":"edk2-202011-19.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"edk2-aarch64-202011-19.oe2203sp3.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:edk2-aarch64-202011-19.oe2203sp3.noarch", + "name":"edk2-aarch64-202011-19.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"edk2-help-202011-19.oe2203sp3.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:edk2-help-202011-19.oe2203sp3.noarch", + "name":"edk2-help-202011-19.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"edk2-ovmf-202011-19.oe2203sp3.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:edk2-ovmf-202011-19.oe2203sp3.noarch", + "name":"edk2-ovmf-202011-19.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"python3-edk2-devel-202011-19.oe2203sp3.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:python3-edk2-devel-202011-19.oe2203sp3.noarch", + "name":"python3-edk2-devel-202011-19.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"edk2-aarch64-202002-23.oe2003sp4.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:edk2-aarch64-202002-23.oe2003sp4.noarch", + "name":"edk2-aarch64-202002-23.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"edk2-help-202002-23.oe2003sp4.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:edk2-help-202002-23.oe2003sp4.noarch", + "name":"edk2-help-202002-23.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"edk2-ovmf-202002-23.oe2003sp4.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:edk2-ovmf-202002-23.oe2003sp4.noarch", + "name":"edk2-ovmf-202002-23.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + 
"product_reference":"python3-edk2-devel-202002-23.oe2003sp4.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-23.oe2003sp4.noarch", + "name":"python3-edk2-devel-202002-23.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"edk2-aarch64-202011-19.oe2203sp1.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:edk2-aarch64-202011-19.oe2203sp1.noarch", + "name":"edk2-aarch64-202011-19.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"edk2-help-202011-19.oe2203sp1.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:edk2-help-202011-19.oe2203sp1.noarch", + "name":"edk2-help-202011-19.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"edk2-ovmf-202011-19.oe2203sp1.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:edk2-ovmf-202011-19.oe2203sp1.noarch", + "name":"edk2-ovmf-202011-19.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"python3-edk2-devel-202011-19.oe2203sp1.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:python3-edk2-devel-202011-19.oe2203sp1.noarch", + "name":"python3-edk2-devel-202011-19.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"edk2-aarch64-202308-9.oe2403.noarch.rpm", + "full_product_name":{ + 
"product_id":"openEuler-24.03-LTS:edk2-aarch64-202308-9.oe2403.noarch", + "name":"edk2-aarch64-202308-9.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"edk2-help-202308-9.oe2403.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:edk2-help-202308-9.oe2403.noarch", + "name":"edk2-help-202308-9.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"edk2-ovmf-202308-9.oe2403.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:edk2-ovmf-202308-9.oe2403.noarch", + "name":"edk2-ovmf-202308-9.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-edk2-devel-202308-9.oe2403.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-edk2-devel-202308-9.oe2403.noarch", + "name":"python3-edk2-devel-202308-9.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"edk2-aarch64-202011-19.oe2203sp4.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:edk2-aarch64-202011-19.oe2203sp4.noarch", + "name":"edk2-aarch64-202011-19.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"edk2-help-202011-19.oe2203sp4.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:edk2-help-202011-19.oe2203sp4.noarch", + "name":"edk2-help-202011-19.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" + }, + 
"category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"edk2-ovmf-202011-19.oe2203sp4.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:edk2-ovmf-202011-19.oe2203sp4.noarch", + "name":"edk2-ovmf-202011-19.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"python3-edk2-devel-202011-19.oe2203sp4.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:python3-edk2-devel-202011-19.oe2203sp4.noarch", + "name":"python3-edk2-devel-202011-19.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"edk2-debuginfo-202011-19.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:edk2-debuginfo-202011-19.oe2203sp3.aarch64", + "name":"edk2-debuginfo-202011-19.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"edk2-debugsource-202011-19.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:edk2-debugsource-202011-19.oe2203sp3.aarch64", + "name":"edk2-debugsource-202011-19.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"edk2-devel-202011-19.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:edk2-devel-202011-19.oe2203sp3.aarch64", + "name":"edk2-devel-202011-19.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"edk2-debuginfo-202002-23.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-23.oe2003sp4.aarch64", + "name":"edk2-debuginfo-202002-23.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"edk2-debugsource-202002-23.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:edk2-debugsource-202002-23.oe2003sp4.aarch64", + "name":"edk2-debugsource-202002-23.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"edk2-devel-202002-23.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:edk2-devel-202002-23.oe2003sp4.aarch64", + "name":"edk2-devel-202002-23.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"edk2-debuginfo-202011-19.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:edk2-debuginfo-202011-19.oe2203sp1.aarch64", + "name":"edk2-debuginfo-202011-19.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"edk2-debugsource-202011-19.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:edk2-debugsource-202011-19.oe2203sp1.aarch64", + "name":"edk2-debugsource-202011-19.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + 
"product_reference":"edk2-devel-202011-19.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:edk2-devel-202011-19.oe2203sp1.aarch64", + "name":"edk2-devel-202011-19.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"edk2-debuginfo-202308-9.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:edk2-debuginfo-202308-9.oe2403.aarch64", + "name":"edk2-debuginfo-202308-9.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"edk2-debugsource-202308-9.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:edk2-debugsource-202308-9.oe2403.aarch64", + "name":"edk2-debugsource-202308-9.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"edk2-devel-202308-9.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:edk2-devel-202308-9.oe2403.aarch64", + "name":"edk2-devel-202308-9.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"edk2-debuginfo-202011-19.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:edk2-debuginfo-202011-19.oe2203sp4.aarch64", + "name":"edk2-debuginfo-202011-19.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"edk2-debugsource-202011-19.oe2203sp4.aarch64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP4:edk2-debugsource-202011-19.oe2203sp4.aarch64", + "name":"edk2-debugsource-202011-19.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"edk2-devel-202011-19.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:edk2-devel-202011-19.oe2203sp4.aarch64", + "name":"edk2-devel-202011-19.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"edk2-debuginfo-202011-19.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:edk2-debuginfo-202011-19.oe2203sp3.x86_64", + "name":"edk2-debuginfo-202011-19.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"edk2-debugsource-202011-19.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:edk2-debugsource-202011-19.oe2203sp3.x86_64", + "name":"edk2-debugsource-202011-19.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"edk2-devel-202011-19.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:edk2-devel-202011-19.oe2203sp3.x86_64", + "name":"edk2-devel-202011-19.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"edk2-debuginfo-202002-23.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-23.oe2003sp4.x86_64", + 
"name":"edk2-debuginfo-202002-23.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"edk2-debugsource-202002-23.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:edk2-debugsource-202002-23.oe2003sp4.x86_64", + "name":"edk2-debugsource-202002-23.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"edk2-devel-202002-23.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:edk2-devel-202002-23.oe2003sp4.x86_64", + "name":"edk2-devel-202002-23.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"edk2-debuginfo-202011-19.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:edk2-debuginfo-202011-19.oe2203sp1.x86_64", + "name":"edk2-debuginfo-202011-19.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"edk2-debugsource-202011-19.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:edk2-debugsource-202011-19.oe2203sp1.x86_64", + "name":"edk2-debugsource-202011-19.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"edk2-devel-202011-19.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:edk2-devel-202011-19.oe2203sp1.x86_64", + "name":"edk2-devel-202011-19.oe2203sp1.x86_64 as a component of 
openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"edk2-debuginfo-202308-9.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:edk2-debuginfo-202308-9.oe2403.x86_64", + "name":"edk2-debuginfo-202308-9.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"edk2-debugsource-202308-9.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:edk2-debugsource-202308-9.oe2403.x86_64", + "name":"edk2-debugsource-202308-9.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"edk2-devel-202308-9.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:edk2-devel-202308-9.oe2403.x86_64", + "name":"edk2-devel-202308-9.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"edk2-debuginfo-202011-19.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:edk2-debuginfo-202011-19.oe2203sp4.x86_64", + "name":"edk2-debuginfo-202011-19.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"edk2-debugsource-202011-19.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:edk2-debugsource-202011-19.oe2203sp4.x86_64", + "name":"edk2-debugsource-202011-19.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + 
"product_reference":"edk2-devel-202011-19.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:edk2-devel-202011-19.oe2203sp4.x86_64", + "name":"edk2-devel-202011-19.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-5535", + "notes":[ + { + "text":"Issue summary: Calling the OpenSSL API function SSL_select_next_proto with anempty supported client protocols buffer may cause a crash or memory contents tobe sent to the peer.Impact summary: A buffer overread can have a range of potential consequencessuch as unexpected application beahviour or a crash. In particular this issuecould result in up to 255 bytes of arbitrary private data from memory being sentto the peer leading to a loss of confidentiality. However, only applicationsthat directly call the SSL_select_next_proto function with a 0 length list ofsupported client protocols are affected by this issue. This would normally neverbe a valid scenario and is typically not under attacker control but may occur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) or NPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a list ofprotocols from the server and a list of protocols from the client and returnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether an overlapbetween the two lists was found. 
In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (and reportsthat there was no overlap in the lists).This function is typically called from a server side application callback forALPN or a client side application callback for NPN. In the case of ALPN the listof protocols supplied by the client is guaranteed by libssl to never be zero inlength. The list of server protocols comes from the application and should nevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), then theapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a no overlap response (which would normally result in a handshake failure in ALPN) then itwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunistically selecta protocol when there is no overlap. OpenSSL returns the first client protocolin the no overlap case in support of this. The list of client protocols comesfrom the application and should never normally be expected to be of zero length.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. If theapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN is notwidely used. 
It also requires an application configuration or programming error.Finally, this issue would not typically be under attacker control making activeexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases when theybecome available.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:edk2-202011-19.oe2203sp3.src", + "openEuler-20.03-LTS-SP4:edk2-202002-23.oe2003sp4.src", + "openEuler-22.03-LTS-SP1:edk2-202011-19.oe2203sp1.src", + "openEuler-24.03-LTS:edk2-202308-9.oe2403.src", + "openEuler-22.03-LTS-SP4:edk2-202011-19.oe2203sp4.src", + "openEuler-22.03-LTS-SP3:edk2-aarch64-202011-19.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:edk2-help-202011-19.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:edk2-ovmf-202011-19.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:python3-edk2-devel-202011-19.oe2203sp3.noarch", + "openEuler-20.03-LTS-SP4:edk2-aarch64-202002-23.oe2003sp4.noarch", + "openEuler-20.03-LTS-SP4:edk2-help-202002-23.oe2003sp4.noarch", + "openEuler-20.03-LTS-SP4:edk2-ovmf-202002-23.oe2003sp4.noarch", + "openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-23.oe2003sp4.noarch", + "openEuler-22.03-LTS-SP1:edk2-aarch64-202011-19.oe2203sp1.noarch", + "openEuler-22.03-LTS-SP1:edk2-help-202011-19.oe2203sp1.noarch", + "openEuler-22.03-LTS-SP1:edk2-ovmf-202011-19.oe2203sp1.noarch", + "openEuler-22.03-LTS-SP1:python3-edk2-devel-202011-19.oe2203sp1.noarch", + "openEuler-24.03-LTS:edk2-aarch64-202308-9.oe2403.noarch", + "openEuler-24.03-LTS:edk2-help-202308-9.oe2403.noarch", + "openEuler-24.03-LTS:edk2-ovmf-202308-9.oe2403.noarch", + "openEuler-24.03-LTS:python3-edk2-devel-202308-9.oe2403.noarch", + "openEuler-22.03-LTS-SP4:edk2-aarch64-202011-19.oe2203sp4.noarch", + 
"openEuler-22.03-LTS-SP4:edk2-help-202011-19.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP4:edk2-ovmf-202011-19.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP4:python3-edk2-devel-202011-19.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP3:edk2-debuginfo-202011-19.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:edk2-debugsource-202011-19.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:edk2-devel-202011-19.oe2203sp3.aarch64", + "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-23.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-23.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:edk2-devel-202002-23.oe2003sp4.aarch64", + "openEuler-22.03-LTS-SP1:edk2-debuginfo-202011-19.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:edk2-debugsource-202011-19.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:edk2-devel-202011-19.oe2203sp1.aarch64", + "openEuler-24.03-LTS:edk2-debuginfo-202308-9.oe2403.aarch64", + "openEuler-24.03-LTS:edk2-debugsource-202308-9.oe2403.aarch64", + "openEuler-24.03-LTS:edk2-devel-202308-9.oe2403.aarch64", + "openEuler-22.03-LTS-SP4:edk2-debuginfo-202011-19.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:edk2-debugsource-202011-19.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:edk2-devel-202011-19.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP3:edk2-debuginfo-202011-19.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:edk2-debugsource-202011-19.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:edk2-devel-202011-19.oe2203sp3.x86_64", + "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-23.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-23.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:edk2-devel-202002-23.oe2003sp4.x86_64", + "openEuler-22.03-LTS-SP1:edk2-debuginfo-202011-19.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:edk2-debugsource-202011-19.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:edk2-devel-202011-19.oe2203sp1.x86_64", + "openEuler-24.03-LTS:edk2-debuginfo-202308-9.oe2403.x86_64", + 
"openEuler-24.03-LTS:edk2-debugsource-202308-9.oe2403.x86_64", + "openEuler-24.03-LTS:edk2-devel-202308-9.oe2403.x86_64", + "openEuler-22.03-LTS-SP4:edk2-debuginfo-202011-19.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:edk2-debugsource-202011-19.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:edk2-devel-202011-19.oe2203sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:edk2-202011-19.oe2203sp3.src", + "openEuler-20.03-LTS-SP4:edk2-202002-23.oe2003sp4.src", + "openEuler-22.03-LTS-SP1:edk2-202011-19.oe2203sp1.src", + "openEuler-24.03-LTS:edk2-202308-9.oe2403.src", + "openEuler-22.03-LTS-SP4:edk2-202011-19.oe2203sp4.src", + "openEuler-22.03-LTS-SP3:edk2-aarch64-202011-19.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:edk2-help-202011-19.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:edk2-ovmf-202011-19.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:python3-edk2-devel-202011-19.oe2203sp3.noarch", + "openEuler-20.03-LTS-SP4:edk2-aarch64-202002-23.oe2003sp4.noarch", + "openEuler-20.03-LTS-SP4:edk2-help-202002-23.oe2003sp4.noarch", + "openEuler-20.03-LTS-SP4:edk2-ovmf-202002-23.oe2003sp4.noarch", + "openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-23.oe2003sp4.noarch", + "openEuler-22.03-LTS-SP1:edk2-aarch64-202011-19.oe2203sp1.noarch", + "openEuler-22.03-LTS-SP1:edk2-help-202011-19.oe2203sp1.noarch", + "openEuler-22.03-LTS-SP1:edk2-ovmf-202011-19.oe2203sp1.noarch", + "openEuler-22.03-LTS-SP1:python3-edk2-devel-202011-19.oe2203sp1.noarch", + "openEuler-24.03-LTS:edk2-aarch64-202308-9.oe2403.noarch", + "openEuler-24.03-LTS:edk2-help-202308-9.oe2403.noarch", + "openEuler-24.03-LTS:edk2-ovmf-202308-9.oe2403.noarch", + "openEuler-24.03-LTS:python3-edk2-devel-202308-9.oe2403.noarch", + "openEuler-22.03-LTS-SP4:edk2-aarch64-202011-19.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP4:edk2-help-202011-19.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP4:edk2-ovmf-202011-19.oe2203sp4.noarch", + 
"openEuler-22.03-LTS-SP4:python3-edk2-devel-202011-19.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP3:edk2-debuginfo-202011-19.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:edk2-debugsource-202011-19.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:edk2-devel-202011-19.oe2203sp3.aarch64", + "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-23.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-23.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:edk2-devel-202002-23.oe2003sp4.aarch64", + "openEuler-22.03-LTS-SP1:edk2-debuginfo-202011-19.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:edk2-debugsource-202011-19.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:edk2-devel-202011-19.oe2203sp1.aarch64", + "openEuler-24.03-LTS:edk2-debuginfo-202308-9.oe2403.aarch64", + "openEuler-24.03-LTS:edk2-debugsource-202308-9.oe2403.aarch64", + "openEuler-24.03-LTS:edk2-devel-202308-9.oe2403.aarch64", + "openEuler-22.03-LTS-SP4:edk2-debuginfo-202011-19.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:edk2-debugsource-202011-19.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:edk2-devel-202011-19.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP3:edk2-debuginfo-202011-19.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:edk2-debugsource-202011-19.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:edk2-devel-202011-19.oe2203sp3.x86_64", + "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-23.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-23.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:edk2-devel-202002-23.oe2003sp4.x86_64", + "openEuler-22.03-LTS-SP1:edk2-debuginfo-202011-19.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:edk2-debugsource-202011-19.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:edk2-devel-202011-19.oe2203sp1.x86_64", + "openEuler-24.03-LTS:edk2-debuginfo-202308-9.oe2403.x86_64", + "openEuler-24.03-LTS:edk2-debugsource-202308-9.oe2403.x86_64", + "openEuler-24.03-LTS:edk2-devel-202308-9.oe2403.x86_64", + 
"openEuler-22.03-LTS-SP4:edk2-debuginfo-202011-19.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:edk2-debugsource-202011-19.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:edk2-devel-202011-19.oe2203sp4.x86_64" + ], + "details":"edk2 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1914" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"CRITICAL", + "baseScore":9.1, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:edk2-202011-19.oe2203sp3.src", + "openEuler-20.03-LTS-SP4:edk2-202002-23.oe2003sp4.src", + "openEuler-22.03-LTS-SP1:edk2-202011-19.oe2203sp1.src", + "openEuler-24.03-LTS:edk2-202308-9.oe2403.src", + "openEuler-22.03-LTS-SP4:edk2-202011-19.oe2203sp4.src", + "openEuler-22.03-LTS-SP3:edk2-aarch64-202011-19.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:edk2-help-202011-19.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:edk2-ovmf-202011-19.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:python3-edk2-devel-202011-19.oe2203sp3.noarch", + "openEuler-20.03-LTS-SP4:edk2-aarch64-202002-23.oe2003sp4.noarch", + "openEuler-20.03-LTS-SP4:edk2-help-202002-23.oe2003sp4.noarch", + "openEuler-20.03-LTS-SP4:edk2-ovmf-202002-23.oe2003sp4.noarch", + "openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-23.oe2003sp4.noarch", + "openEuler-22.03-LTS-SP1:edk2-aarch64-202011-19.oe2203sp1.noarch", + "openEuler-22.03-LTS-SP1:edk2-help-202011-19.oe2203sp1.noarch", + "openEuler-22.03-LTS-SP1:edk2-ovmf-202011-19.oe2203sp1.noarch", + "openEuler-22.03-LTS-SP1:python3-edk2-devel-202011-19.oe2203sp1.noarch", + "openEuler-24.03-LTS:edk2-aarch64-202308-9.oe2403.noarch", + "openEuler-24.03-LTS:edk2-help-202308-9.oe2403.noarch", + "openEuler-24.03-LTS:edk2-ovmf-202308-9.oe2403.noarch", + "openEuler-24.03-LTS:python3-edk2-devel-202308-9.oe2403.noarch", + "openEuler-22.03-LTS-SP4:edk2-aarch64-202011-19.oe2203sp4.noarch", + 
"openEuler-22.03-LTS-SP4:edk2-help-202011-19.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP4:edk2-ovmf-202011-19.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP4:python3-edk2-devel-202011-19.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP3:edk2-debuginfo-202011-19.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:edk2-debugsource-202011-19.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:edk2-devel-202011-19.oe2203sp3.aarch64", + "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-23.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-23.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:edk2-devel-202002-23.oe2003sp4.aarch64", + "openEuler-22.03-LTS-SP1:edk2-debuginfo-202011-19.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:edk2-debugsource-202011-19.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:edk2-devel-202011-19.oe2203sp1.aarch64", + "openEuler-24.03-LTS:edk2-debuginfo-202308-9.oe2403.aarch64", + "openEuler-24.03-LTS:edk2-debugsource-202308-9.oe2403.aarch64", + "openEuler-24.03-LTS:edk2-devel-202308-9.oe2403.aarch64", + "openEuler-22.03-LTS-SP4:edk2-debuginfo-202011-19.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:edk2-debugsource-202011-19.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:edk2-devel-202011-19.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP3:edk2-debuginfo-202011-19.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:edk2-debugsource-202011-19.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:edk2-devel-202011-19.oe2203sp3.x86_64", + "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-23.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-23.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:edk2-devel-202002-23.oe2003sp4.x86_64", + "openEuler-22.03-LTS-SP1:edk2-debuginfo-202011-19.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:edk2-debugsource-202011-19.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:edk2-devel-202011-19.oe2203sp1.x86_64", + "openEuler-24.03-LTS:edk2-debuginfo-202308-9.oe2403.x86_64", + 
"openEuler-24.03-LTS:edk2-debugsource-202308-9.oe2403.x86_64", + "openEuler-24.03-LTS:edk2-devel-202308-9.oe2403.x86_64", + "openEuler-22.03-LTS-SP4:edk2-debuginfo-202011-19.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:edk2-debugsource-202011-19.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:edk2-devel-202011-19.oe2203sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Critical", + "category":"impact" + } + ], + "title":"CVE-2024-5535" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1915.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1915.json new file mode 100644 index 0000000..b4111dc --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1915.json 
@@ -0,0 +1,264 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"avro security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for avro is now available for openEuler-20.03-LTS-SP4.", + "category":"general", + "title":"Summary" + }, + { + "text":"Apache Avro is a data serialization system.\n\nSecurity Fix(es):\n\nWhen deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.\n\nThis issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.\n\n(CVE-2023-39410)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for avro is now available for openEuler-20.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"avro", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1915", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1915" + }, + { + "summary":"CVE-2023-39410", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-39410&packageName=avro" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39410" + }, + { + "summary":"openEuler-SA-2024-1915 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1915.json" + } + ], + "title":"An update for avro is now available for openEuler-20.03-LTS-SP4", + "tracking":{ + "initial_release_date":"2024-08-02T19:41:45+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:41:45+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:30:23+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:30:23+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:30:23+08:00", + "id":"openEuler-SA-2024-1915", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ 
+ "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"openEuler-20.03-LTS-SP4", + "name":"openEuler-20.03-LTS-SP4" + }, + "name":"openEuler-20.03-LTS-SP4", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"avro-1.10.2-5.oe2003sp4.aarch64.rpm", + "name":"avro-1.10.2-5.oe2003sp4.aarch64.rpm" + }, + "name":"avro-1.10.2-5.oe2003sp4.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"avro-1.10.2-5.oe2003sp4.src.rpm", + "name":"avro-1.10.2-5.oe2003sp4.src.rpm" + }, + "name":"avro-1.10.2-5.oe2003sp4.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"avro-1.10.2-5.oe2003sp4.x86_64.rpm", + "name":"avro-1.10.2-5.oe2003sp4.x86_64.rpm" + }, + "name":"avro-1.10.2-5.oe2003sp4.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"avro-1.10.2-5.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:avro-1.10.2-5.oe2003sp4.aarch64", + "name":"avro-1.10.2-5.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"avro-1.10.2-5.oe2003sp4.src.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:avro-1.10.2-5.oe2003sp4.src", + 
"name":"avro-1.10.2-5.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"avro-1.10.2-5.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:avro-1.10.2-5.oe2003sp4.x86_64", + "name":"avro-1.10.2-5.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2023-39410", + "notes":[ + { + "text":"When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:avro-1.10.2-5.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:avro-1.10.2-5.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:avro-1.10.2-5.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:avro-1.10.2-5.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:avro-1.10.2-5.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:avro-1.10.2-5.oe2003sp4.x86_64" + ], + "details":"avro security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1915" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.5, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:avro-1.10.2-5.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:avro-1.10.2-5.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:avro-1.10.2-5.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"High", 
+ "category":"impact" + } + ], + "title":"CVE-2023-39410" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1916.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1916.json new file mode 100644 index 0000000..2565e05 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1916.json 
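Review bot: The TLP link under `document.distribution.tlp` is written `"url":"https:/www.first.org/tlp/"` with a single slash after the scheme, so it parses as a URI with no host and does not point at FIRST's TLP definition; it should be `"url":"https://www.first.org/tlp/"`. The same value appears in the hunks for csaf-openEuler-SA-2024-1916.json and csaf-openEuler-SA-2024-1917.json, and in the visible start of the 1918 hunk. It still passes a plain URI format check, so it is probably a constant in the generator and is best fixed there. Separately, each rpm branch under `product_tree` carries the distribution's own `cpe` (`cpe:/a:openEuler:openEuler:20.03-LTS-SP4`) in its `product_identification_helper`, so a consumer matching on CPE cannot tell the avro package from the OS release. A package-level identifier, or no helper at all on the package branches, would avoid false matches.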
@@ -0,0 +1,264 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"avro security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for avro is now available for openEuler-22.03-LTS-SP3.", + "category":"general", + "title":"Summary" + }, + { + "text":"Apache Avro is a data serialization system.\n\nSecurity Fix(es):\n\nWhen deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.\n\nThis issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.\n\n(CVE-2023-39410)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for avro is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of high. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"avro", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1916", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1916" + }, + { + "summary":"CVE-2023-39410", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-39410&packageName=avro" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39410" + }, + { + "summary":"openEuler-SA-2024-1916 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1916.json" + } + ], + "title":"An update for avro is now available for openEuler-22.03-LTS-SP3", + "tracking":{ + "initial_release_date":"2024-08-02T19:41:47+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:41:47+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:30:37+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:30:37+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-02T19:41:47+08:00", + "id":"openEuler-SA-2024-1916", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ 
+ "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openEuler-22.03-LTS-SP3", + "name":"openEuler-22.03-LTS-SP3" + }, + "name":"openEuler-22.03-LTS-SP3", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"avro-1.10.2-5.oe2203sp3.aarch64.rpm", + "name":"avro-1.10.2-5.oe2203sp3.aarch64.rpm" + }, + "name":"avro-1.10.2-5.oe2203sp3.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"avro-1.10.2-5.oe2203sp3.src.rpm", + "name":"avro-1.10.2-5.oe2203sp3.src.rpm" + }, + "name":"avro-1.10.2-5.oe2203sp3.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"avro-1.10.2-5.oe2203sp3.x86_64.rpm", + "name":"avro-1.10.2-5.oe2203sp3.x86_64.rpm" + }, + "name":"avro-1.10.2-5.oe2203sp3.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"avro-1.10.2-5.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:avro-1.10.2-5.oe2203sp3.aarch64", + "name":"avro-1.10.2-5.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"avro-1.10.2-5.oe2203sp3.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:avro-1.10.2-5.oe2203sp3.src", + 
"name":"avro-1.10.2-5.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"avro-1.10.2-5.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:avro-1.10.2-5.oe2203sp3.x86_64", + "name":"avro-1.10.2-5.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2023-39410", + "notes":[ + { + "text":"When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:avro-1.10.2-5.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:avro-1.10.2-5.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:avro-1.10.2-5.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:avro-1.10.2-5.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:avro-1.10.2-5.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:avro-1.10.2-5.oe2203sp3.x86_64" + ], + "details":"avro security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1916" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.5, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:avro-1.10.2-5.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:avro-1.10.2-5.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:avro-1.10.2-5.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"High", 
+ "category":"impact" + } + ], + "title":"CVE-2023-39410" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1917.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1917.json new file mode 100644 index 0000000..ad3f948 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1917.json 
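Review bot: In `document.tracking`, `current_release_date` is `2024-08-02T19:41:47+08:00`, which is older than the newest `revision_history` entry (`2.0.0`, dated `2024-08-05T11:30:37+08:00`) and older than the generator date. The sibling advisories 1915 and 1917 set it to the date of their latest revision. It should read `"current_release_date":"2024-08-05T11:30:37+08:00"`. A consumer that polls the feed by `current_release_date` to pick up changed advisories would presumably treat this document as unchanged since the initial release and skip the final revision.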
@@ -0,0 +1,264 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"avro security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for avro is now available for openEuler-22.03-LTS-SP4.", + "category":"general", + "title":"Summary" + }, + { + "text":"Apache Avro is a data serialization system.\n\nSecurity Fix(es):\n\nWhen deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.\n\nThis issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.\n\n(CVE-2023-39410)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for avro is now available for openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"avro", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1917", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1917" + }, + { + "summary":"CVE-2023-39410", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-39410&packageName=avro" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39410" + }, + { + "summary":"openEuler-SA-2024-1917 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1917.json" + } + ], + "title":"An update for avro is now available for openEuler-22.03-LTS-SP4", + "tracking":{ + "initial_release_date":"2024-08-02T19:41:48+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:41:48+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:30:38+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:30:38+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:30:38+08:00", + "id":"openEuler-SA-2024-1917", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ 
+ "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"openEuler-22.03-LTS-SP4", + "name":"openEuler-22.03-LTS-SP4" + }, + "name":"openEuler-22.03-LTS-SP4", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"avro-1.10.2-5.oe2203sp4.aarch64.rpm", + "name":"avro-1.10.2-5.oe2203sp4.aarch64.rpm" + }, + "name":"avro-1.10.2-5.oe2203sp4.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"avro-1.10.2-5.oe2203sp4.src.rpm", + "name":"avro-1.10.2-5.oe2203sp4.src.rpm" + }, + "name":"avro-1.10.2-5.oe2203sp4.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"avro-1.10.2-5.oe2203sp4.x86_64.rpm", + "name":"avro-1.10.2-5.oe2203sp4.x86_64.rpm" + }, + "name":"avro-1.10.2-5.oe2203sp4.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"avro-1.10.2-5.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:avro-1.10.2-5.oe2203sp4.aarch64", + "name":"avro-1.10.2-5.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"avro-1.10.2-5.oe2203sp4.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:avro-1.10.2-5.oe2203sp4.src", + 
"name":"avro-1.10.2-5.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"avro-1.10.2-5.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:avro-1.10.2-5.oe2203sp4.x86_64", + "name":"avro-1.10.2-5.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2023-39410", + "notes":[ + { + "text":"When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:avro-1.10.2-5.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:avro-1.10.2-5.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:avro-1.10.2-5.oe2203sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:avro-1.10.2-5.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:avro-1.10.2-5.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:avro-1.10.2-5.oe2203sp4.x86_64" + ], + "details":"avro security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1917" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.5, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:avro-1.10.2-5.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:avro-1.10.2-5.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:avro-1.10.2-5.oe2203sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"High", 
+ "category":"impact" + } + ], + "title":"CVE-2023-39410" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1918.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1918.json new file mode 100644 index 0000000..b5e37dc --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1918.json 
@@ -0,0 +1,264 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"avro security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for avro is now available for openEuler-24.03-LTS.", + "category":"general", + "title":"Summary" + }, + { + "text":"Apache Avro is a data serialization system.\n\nSecurity Fix(es):\n\nWhen deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.\n\nThis issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.\n\n(CVE-2023-39410)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for avro is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of high. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"avro", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1918", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1918" + }, + { + "summary":"CVE-2023-39410", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-39410&packageName=avro" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39410" + }, + { + "summary":"openEuler-SA-2024-1918 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1918.json" + } + ], + "title":"An update for avro is now available for openEuler-24.03-LTS", + "tracking":{ + "initial_release_date":"2024-08-02T19:41:49+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:41:49+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:30:39+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:30:39+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:30:39+08:00", + "id":"openEuler-SA-2024-1918", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + 
"product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openEuler-24.03-LTS", + "name":"openEuler-24.03-LTS" + }, + "name":"openEuler-24.03-LTS", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"avro-1.10.2-5.oe2403.aarch64.rpm", + "name":"avro-1.10.2-5.oe2403.aarch64.rpm" + }, + "name":"avro-1.10.2-5.oe2403.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"avro-1.10.2-5.oe2403.src.rpm", + "name":"avro-1.10.2-5.oe2403.src.rpm" + }, + "name":"avro-1.10.2-5.oe2403.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"avro-1.10.2-5.oe2403.x86_64.rpm", + "name":"avro-1.10.2-5.oe2403.x86_64.rpm" + }, + "name":"avro-1.10.2-5.oe2403.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"avro-1.10.2-5.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:avro-1.10.2-5.oe2403.aarch64", + "name":"avro-1.10.2-5.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"avro-1.10.2-5.oe2403.src.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:avro-1.10.2-5.oe2403.src", + "name":"avro-1.10.2-5.oe2403.src as a component of openEuler-24.03-LTS" + }, + 
"category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"avro-1.10.2-5.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:avro-1.10.2-5.oe2403.x86_64", + "name":"avro-1.10.2-5.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2023-39410", + "notes":[ + { + "text":"When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:avro-1.10.2-5.oe2403.aarch64", + "openEuler-24.03-LTS:avro-1.10.2-5.oe2403.src", + "openEuler-24.03-LTS:avro-1.10.2-5.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:avro-1.10.2-5.oe2403.aarch64", + "openEuler-24.03-LTS:avro-1.10.2-5.oe2403.src", + "openEuler-24.03-LTS:avro-1.10.2-5.oe2403.x86_64" + ], + "details":"avro security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1918" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.5, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:avro-1.10.2-5.oe2403.aarch64", + "openEuler-24.03-LTS:avro-1.10.2-5.oe2403.src", + "openEuler-24.03-LTS:avro-1.10.2-5.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2023-39410" + } + ] +} \ No newline at end of file 
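Review bot: The TLP reference in `document.distribution.tlp` is written as `"url":"https:/www.first.org/tlp/"`, with a single slash after the scheme, so it has no host part and will not resolve for anyone following the link from the advisory; it should read `"url":"https://www.first.org/tlp/"`. The same value appears in the csaf-openEuler-SA-2024-1919.json hunk that follows, which suggests the fix belongs in the generator template rather than in each file. Separately, every RPM branch under `product_tree` carries the distribution's CPE `cpe:/a:openEuler:openEuler:24.03-LTS` as its `product_identification_helper`, so a consumer matching on CPE cannot tell the avro packages apart from the OS release. A package-level identifier (for example a `purl`) would let the `fixed` status be matched to installed packages.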
diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1919.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1919.json new file mode 100644 index 0000000..00b094a --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1919.json 
@@ -0,0 +1,966 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"mysql security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for mysql is now available for openEuler-22.03-LTS-SP1.", + "category":"general", + "title":"Summary" + }, + { + "text":"The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of Oracle and/or its affiliates\n\nSecurity Fix(es):\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20996)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21135)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21162)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for mysql is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"mysql", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1919", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1919" + }, + { + "summary":"CVE-2024-20996", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-20996&packageName=mysql" + }, + { + "summary":"CVE-2024-21135", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21135&packageName=mysql" + }, + { + 
"summary":"CVE-2024-21162", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21162&packageName=mysql" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20996" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21135" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21162" + }, + { + "summary":"openEuler-SA-2024-1919 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1919.json" + } + ], + "title":"An update for mysql is now available for openEuler-22.03-LTS-SP1", + "tracking":{ + "initial_release_date":"2024-08-02T19:41:50+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:41:50+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:30:50+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:30:50+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:30:50+08:00", + "id":"openEuler-SA-2024-1919", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"openEuler-22.03-LTS-SP1", + "name":"openEuler-22.03-LTS-SP1" + }, + "name":"openEuler-22.03-LTS-SP1", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-debugsource-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-debugsource-8.0.38-1.oe2203sp1.aarch64.rpm" + 
}, + "name":"mysql-debugsource-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-test-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-test-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-test-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-libs-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-libs-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-libs-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-server-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-server-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-server-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-config-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-config-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-config-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-errmsg-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-errmsg-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-errmsg-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-devel-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-devel-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-devel-8.0.38-1.oe2203sp1.aarch64.rpm", + 
"category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-common-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-common-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-common-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-help-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-help-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-help-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-8.0.38-1.oe2203sp1.src.rpm", + "name":"mysql-8.0.38-1.oe2203sp1.src.rpm" + }, + "name":"mysql-8.0.38-1.oe2203sp1.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-debugsource-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-debugsource-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + 
"name":"mysql-debugsource-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-server-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-server-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-server-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-help-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-help-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-help-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-common-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-common-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-common-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-libs-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-libs-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-libs-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-devel-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-devel-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-devel-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + 
"product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-errmsg-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-errmsg-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-errmsg-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-test-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-test-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-test-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-config-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-config-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-config-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-debugsource-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-debugsource-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-test-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + 
"name":"mysql-test-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-libs-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-libs-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-server-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-server-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-config-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-config-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-errmsg-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-errmsg-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-devel-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-devel-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + 
"category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-common-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-common-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-help-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-help-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-8.0.38-1.oe2203sp1.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "name":"mysql-8.0.38-1.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + 
"product_reference":"mysql-debugsource-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-debugsource-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-server-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-server-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-help-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-help-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-common-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-common-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-libs-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-libs-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-devel-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-devel-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-errmsg-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-errmsg-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-test-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-test-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-config-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-config-8.0.38-1.oe2203sp1.x86_64 
as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-20996", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1919" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64" + ] + } + ], + 
"threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-20996" + }, + { + "cve":"CVE-2024-21135", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1919" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64" + ] + } + ], + 
"threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21135" + }, + { + "cve":"CVE-2024-21162", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1919" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64" + ] + } + ], + 
"threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21162" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1920.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1920.json new file mode 100644 index 0000000..39b9e71 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1920.json 
@@ -0,0 +1,966 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"mysql security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for mysql is now available for openEuler-22.03-LTS-SP3.", + "category":"general", + "title":"Summary" + }, + { + "text":"The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of Oracle and/or its affiliates\n\nSecurity Fix(es):\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20996)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21135)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21162)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for mysql is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"mysql", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1920", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1920" + }, + { + "summary":"CVE-2024-20996", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-20996&packageName=mysql" + }, + { + "summary":"CVE-2024-21135", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21135&packageName=mysql" + }, + { + 
"summary":"CVE-2024-21162", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21162&packageName=mysql" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20996" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21135" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21162" + }, + { + "summary":"openEuler-SA-2024-1920 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1920.json" + } + ], + "title":"An update for mysql is now available for openEuler-22.03-LTS-SP3", + "tracking":{ + "initial_release_date":"2024-08-02T19:41:52+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:41:52+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:30:52+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:30:52+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:30:52+08:00", + "id":"openEuler-SA-2024-1920", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openEuler-22.03-LTS-SP3", + "name":"openEuler-22.03-LTS-SP3" + }, + "name":"openEuler-22.03-LTS-SP3", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-libs-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-libs-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + 
"name":"mysql-libs-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-help-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-help-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-help-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-test-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-test-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-test-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-debugsource-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-debugsource-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-debugsource-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-common-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-common-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-common-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-server-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-server-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-server-8.0.38-1.oe2203sp3.aarch64.rpm", + 
"category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-errmsg-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-errmsg-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-errmsg-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-config-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-config-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-config-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-devel-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-devel-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-devel-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-8.0.38-1.oe2203sp3.src.rpm", + "name":"mysql-8.0.38-1.oe2203sp3.src.rpm" + }, + "name":"mysql-8.0.38-1.oe2203sp3.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-test-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-test-8.0.38-1.oe2203sp3.x86_64.rpm" + }, 
+ "name":"mysql-test-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-devel-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-devel-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-devel-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-config-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-config-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-config-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-libs-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-libs-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-libs-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-common-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-common-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-common-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-errmsg-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-errmsg-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-errmsg-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + 
"product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-server-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-server-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-server-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-help-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-help-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-help-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-debugsource-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-debugsource-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-debugsource-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-libs-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-libs-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-help-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + 
"name":"mysql-help-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-test-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-test-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-debugsource-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-debugsource-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-common-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-common-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-server-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-server-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + 
"category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-errmsg-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-errmsg-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-config-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-config-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-devel-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-devel-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-8.0.38-1.oe2203sp3.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "name":"mysql-8.0.38-1.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + 
"product_reference":"mysql-test-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-test-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-devel-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-devel-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-config-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-config-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-libs-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-libs-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-common-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-common-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-errmsg-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-errmsg-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-server-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-server-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-help-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-help-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-debugsource-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + 
"name":"mysql-debugsource-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-20996", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1920" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-20996" + }, + { + "cve":"CVE-2024-21135", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1920" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21135" + }, + { + "cve":"CVE-2024-21162", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1920" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21162" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1921.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1921.json new file mode 100644 index 0000000..f95876c --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1921.json 
@@ -0,0 +1,845 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"mysql security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for mysql is now available for openEuler-22.03-LTS-SP4.", + "category":"general", + "title":"Summary" + }, + { + "text":"The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of Oracle and/or its affiliates\n\nSecurity Fix(es):\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20996)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21162)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for mysql is now available for openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"mysql", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1921", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1921" + }, + { + "summary":"CVE-2024-20996", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-20996&packageName=mysql" + }, + { + "summary":"CVE-2024-21162", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21162&packageName=mysql" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20996" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21162" + }, + { + "summary":"openEuler-SA-2024-1921 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1921.json" + } + ], + "title":"An update for mysql is now available for openEuler-22.03-LTS-SP4", + "tracking":{ + "initial_release_date":"2024-08-02T19:41:53+08:00", + "revision_history":[ + { + 
"date":"2024-08-02T19:41:53+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:30:53+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:30:53+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:30:53+08:00", + "id":"openEuler-SA-2024-1921", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"openEuler-22.03-LTS-SP4", + "name":"openEuler-22.03-LTS-SP4" + }, + "name":"openEuler-22.03-LTS-SP4", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-errmsg-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-errmsg-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-errmsg-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-server-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-server-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-server-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + 
"product_id":"mysql-common-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-common-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-common-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-config-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-config-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-config-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-help-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-help-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-help-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-devel-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-devel-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-devel-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-libs-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-libs-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-libs-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-test-8.0.38-1.oe2203sp4.aarch64.rpm", + 
"name":"mysql-test-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-test-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-debugsource-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-debugsource-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-debugsource-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-8.0.38-1.oe2203sp4.src.rpm", + "name":"mysql-8.0.38-1.oe2203sp4.src.rpm" + }, + "name":"mysql-8.0.38-1.oe2203sp4.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-help-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-help-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-help-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-test-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-test-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-test-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + 
"product_id":"mysql-server-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-server-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-server-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-debugsource-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-debugsource-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-debugsource-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-errmsg-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-errmsg-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-errmsg-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-config-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-config-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-config-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-common-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-common-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-common-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-libs-8.0.38-1.oe2203sp4.x86_64.rpm", + 
"name":"mysql-libs-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-libs-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-devel-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-devel-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-devel-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-errmsg-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-errmsg-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-server-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-server-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-common-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-common-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + 
"category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-config-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-config-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-help-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-help-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-devel-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-devel-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-libs-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-libs-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + 
"product_reference":"mysql-test-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-test-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-debugsource-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-debugsource-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-8.0.38-1.oe2203sp4.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src", + "name":"mysql-8.0.38-1.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-help-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-help-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-test-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-test-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-server-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-server-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-debugsource-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-debugsource-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-errmsg-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-errmsg-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-config-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-config-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-common-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + 
"name":"mysql-common-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-libs-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-libs-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-devel-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-devel-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-20996", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1921" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-20996" + }, + { + "cve":"CVE-2024-21162", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1921" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21162" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1922.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1922.json new file mode 100644 index 0000000..52f30c9 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1922.json 
@@ -0,0 +1,966 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"mysql security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for mysql is now available for openEuler-24.03-LTS.", + "category":"general", + "title":"Summary" + }, + { + "text":"The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of Oracle and/or its affiliates\n\nSecurity Fix(es):\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20996)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21135)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21162)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for mysql is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"mysql", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1922", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1922" + }, + { + "summary":"CVE-2024-20996", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-20996&packageName=mysql" + }, + { + "summary":"CVE-2024-21135", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21135&packageName=mysql" + }, + { + 
"summary":"CVE-2024-21162", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21162&packageName=mysql" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20996" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21135" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21162" + }, + { + "summary":"openEuler-SA-2024-1922 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1922.json" + } + ], + "title":"An update for mysql is now available for openEuler-24.03-LTS", + "tracking":{ + "initial_release_date":"2024-08-02T19:41:55+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:41:55+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:30:55+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:30:55+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:30:55+08:00", + "id":"openEuler-SA-2024-1922", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openEuler-24.03-LTS", + "name":"openEuler-24.03-LTS" + }, + "name":"openEuler-24.03-LTS", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-common-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-common-8.0.38-1.oe2403.aarch64.rpm" + }, + 
"name":"mysql-common-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-config-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-config-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-config-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-debugsource-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-debugsource-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-debugsource-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-help-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-help-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-help-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-server-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-server-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-server-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-libs-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-libs-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-libs-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-devel-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-devel-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-devel-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-test-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-test-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-test-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-debuginfo-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-debuginfo-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-debuginfo-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-errmsg-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-errmsg-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-errmsg-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-8.0.38-1.oe2403.src.rpm", + "name":"mysql-8.0.38-1.oe2403.src.rpm" + }, + "name":"mysql-8.0.38-1.oe2403.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-debugsource-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-debugsource-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-debugsource-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-common-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-common-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-common-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-errmsg-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-errmsg-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-errmsg-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-debuginfo-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-debuginfo-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-debuginfo-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-server-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-server-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-server-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-libs-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-libs-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-libs-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-help-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-help-8.0.38-1.oe2403.x86_64.rpm" + }, + 
"name":"mysql-help-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-test-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-test-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-test-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-devel-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-devel-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-devel-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-config-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-config-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-config-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-common-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "name":"mysql-common-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "name":"mysql-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-config-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + 
"name":"mysql-config-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-debugsource-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "name":"mysql-debugsource-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-help-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "name":"mysql-help-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-server-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "name":"mysql-server-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-libs-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "name":"mysql-libs-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-devel-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "name":"mysql-devel-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + 
"product_reference":"mysql-test-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "name":"mysql-test-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-debuginfo-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "name":"mysql-debuginfo-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-errmsg-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "name":"mysql-errmsg-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-8.0.38-1.oe2403.src.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "name":"mysql-8.0.38-1.oe2403.src as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-debugsource-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "name":"mysql-debugsource-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-common-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "name":"mysql-common-8.0.38-1.oe2403.x86_64 as a component of 
openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-errmsg-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64", + "name":"mysql-errmsg-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "name":"mysql-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-debuginfo-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "name":"mysql-debuginfo-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-server-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "name":"mysql-server-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-libs-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "name":"mysql-libs-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-help-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "name":"mysql-help-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-test-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "name":"mysql-test-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-devel-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "name":"mysql-devel-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-config-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "name":"mysql-config-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-20996", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1922" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-20996" + }, + { + "cve":"CVE-2024-21135", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1922" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21135" + }, + { + "cve":"CVE-2024-21162", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1922" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21162" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1923.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1923.json new file mode 100644 index 0000000..6b57066 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1923.json 
@@ -0,0 +1,653 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"botan2 security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for botan2 is now available for openEuler-24.03-LTS.", + "category":"general", + "title":"Summary" + }, + { + "text":"Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \\#10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API reference, tutorial, and examples may help impart the flavor of the library. This is the current stable release branch 2.x of Botan.\n\nSecurity Fix(es):\n\nBotan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5.(CVE-2024-34702)\n\nBotan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. 
The proof of concept used a 16Kbit prime for this purpose. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at most 521 bits. No known workarounds are available. Note that support for explicit encoding of elliptic curve parameters is deprecated in Botan.\n(CVE-2024-34703)\n\nBotan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both permitted subtrees and excluded subtrees, only the permitted subtree would be checked. If a certificate included a name which was permitted by the permitted subtree but also excluded by excluded subtree, it would be accepted. Fixed in versions 3.5.0 and 2.19.5.(CVE-2024-39312)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for botan2 is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of high. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"botan2", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1923", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1923" + }, + { + "summary":"CVE-2024-34702", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-34702&packageName=botan2" + }, + { + "summary":"CVE-2024-34703", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-34703&packageName=botan2" + }, + { + "summary":"CVE-2024-39312", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39312&packageName=botan2" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34702" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34703" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39312" + }, + { + "summary":"openEuler-SA-2024-1923 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1923.json" + } + ], + "title":"An update for botan2 is now available for openEuler-24.03-LTS", + "tracking":{ + "initial_release_date":"2024-08-02T19:41:56+08:00", + "revision_history":[ + { + 
"date":"2024-08-02T19:41:56+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:30:56+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:30:56+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:30:56+08:00", + "id":"openEuler-SA-2024-1923", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openEuler-24.03-LTS", + "name":"openEuler-24.03-LTS" + }, + "name":"openEuler-24.03-LTS", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"botan2-devel-2.19.3-3.oe2403.aarch64.rpm", + "name":"botan2-devel-2.19.3-3.oe2403.aarch64.rpm" + }, + "name":"botan2-devel-2.19.3-3.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"botan2-2.19.3-3.oe2403.aarch64.rpm", + "name":"botan2-2.19.3-3.oe2403.aarch64.rpm" + }, + "name":"botan2-2.19.3-3.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"botan2-debugsource-2.19.3-3.oe2403.aarch64.rpm", + "name":"botan2-debugsource-2.19.3-3.oe2403.aarch64.rpm" + }, + "name":"botan2-debugsource-2.19.3-3.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-botan2-2.19.3-3.oe2403.aarch64.rpm", + 
"name":"python3-botan2-2.19.3-3.oe2403.aarch64.rpm" + }, + "name":"python3-botan2-2.19.3-3.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"botan2-debuginfo-2.19.3-3.oe2403.aarch64.rpm", + "name":"botan2-debuginfo-2.19.3-3.oe2403.aarch64.rpm" + }, + "name":"botan2-debuginfo-2.19.3-3.oe2403.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"noarch", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"botan2-doc-2.19.3-3.oe2403.noarch.rpm", + "name":"botan2-doc-2.19.3-3.oe2403.noarch.rpm" + }, + "name":"botan2-doc-2.19.3-3.oe2403.noarch.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"botan2-2.19.3-3.oe2403.src.rpm", + "name":"botan2-2.19.3-3.oe2403.src.rpm" + }, + "name":"botan2-2.19.3-3.oe2403.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"botan2-devel-2.19.3-3.oe2403.x86_64.rpm", + "name":"botan2-devel-2.19.3-3.oe2403.x86_64.rpm" + }, + "name":"botan2-devel-2.19.3-3.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"botan2-debuginfo-2.19.3-3.oe2403.x86_64.rpm", + "name":"botan2-debuginfo-2.19.3-3.oe2403.x86_64.rpm" + }, + "name":"botan2-debuginfo-2.19.3-3.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-botan2-2.19.3-3.oe2403.x86_64.rpm", + "name":"python3-botan2-2.19.3-3.oe2403.x86_64.rpm" + }, + "name":"python3-botan2-2.19.3-3.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"botan2-2.19.3-3.oe2403.x86_64.rpm", + "name":"botan2-2.19.3-3.oe2403.x86_64.rpm" + }, + "name":"botan2-2.19.3-3.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"botan2-debugsource-2.19.3-3.oe2403.x86_64.rpm", + "name":"botan2-debugsource-2.19.3-3.oe2403.x86_64.rpm" + }, + "name":"botan2-debugsource-2.19.3-3.oe2403.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"botan2-devel-2.19.3-3.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:botan2-devel-2.19.3-3.oe2403.aarch64", + "name":"botan2-devel-2.19.3-3.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"botan2-2.19.3-3.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.aarch64", + "name":"botan2-2.19.3-3.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"botan2-debugsource-2.19.3-3.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:botan2-debugsource-2.19.3-3.oe2403.aarch64", + "name":"botan2-debugsource-2.19.3-3.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + 
"category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-botan2-2.19.3-3.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-botan2-2.19.3-3.oe2403.aarch64", + "name":"python3-botan2-2.19.3-3.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"botan2-debuginfo-2.19.3-3.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:botan2-debuginfo-2.19.3-3.oe2403.aarch64", + "name":"botan2-debuginfo-2.19.3-3.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"botan2-doc-2.19.3-3.oe2403.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:botan2-doc-2.19.3-3.oe2403.noarch", + "name":"botan2-doc-2.19.3-3.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"botan2-2.19.3-3.oe2403.src.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.src", + "name":"botan2-2.19.3-3.oe2403.src as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"botan2-devel-2.19.3-3.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:botan2-devel-2.19.3-3.oe2403.x86_64", + "name":"botan2-devel-2.19.3-3.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"botan2-debuginfo-2.19.3-3.oe2403.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-24.03-LTS:botan2-debuginfo-2.19.3-3.oe2403.x86_64", + "name":"botan2-debuginfo-2.19.3-3.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-botan2-2.19.3-3.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-botan2-2.19.3-3.oe2403.x86_64", + "name":"python3-botan2-2.19.3-3.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"botan2-2.19.3-3.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.x86_64", + "name":"botan2-2.19.3-3.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"botan2-debugsource-2.19.3-3.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:botan2-debugsource-2.19.3-3.oe2403.x86_64", + "name":"botan2-debugsource-2.19.3-3.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-34702", + "notes":[ + { + "text":"Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. 
The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:botan2-devel-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-debugsource-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:python3-botan2-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-debuginfo-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-doc-2.19.3-3.oe2403.noarch", + "openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.src", + "openEuler-24.03-LTS:botan2-devel-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:botan2-debuginfo-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:python3-botan2-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:botan2-debugsource-2.19.3-3.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:botan2-devel-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-debugsource-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:python3-botan2-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-debuginfo-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-doc-2.19.3-3.oe2403.noarch", + "openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.src", + "openEuler-24.03-LTS:botan2-devel-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:botan2-debuginfo-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:python3-botan2-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:botan2-debugsource-2.19.3-3.oe2403.x86_64" + ], + "details":"botan2 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1923" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + 
"baseScore":5.3, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:botan2-devel-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-debugsource-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:python3-botan2-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-debuginfo-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-doc-2.19.3-3.oe2403.noarch", + "openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.src", + "openEuler-24.03-LTS:botan2-devel-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:botan2-debuginfo-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:python3-botan2-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:botan2-debugsource-2.19.3-3.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-34702" + }, + { + "cve":"CVE-2024-34703", + "notes":[ + { + "text":"Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. The proof of concept used a 16Kbit prime for this purpose. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at most 521 bits. No known workarounds are available. 
Note that support for explicit encoding of elliptic curve parameters is deprecated in Botan.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:botan2-devel-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-debugsource-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:python3-botan2-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-debuginfo-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-doc-2.19.3-3.oe2403.noarch", + "openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.src", + "openEuler-24.03-LTS:botan2-devel-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:botan2-debuginfo-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:python3-botan2-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:botan2-debugsource-2.19.3-3.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:botan2-devel-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-debugsource-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:python3-botan2-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-debuginfo-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-doc-2.19.3-3.oe2403.noarch", + "openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.src", + "openEuler-24.03-LTS:botan2-devel-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:botan2-debuginfo-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:python3-botan2-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:botan2-debugsource-2.19.3-3.oe2403.x86_64" + ], + "details":"botan2 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1923" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.5, + 
"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:botan2-devel-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-debugsource-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:python3-botan2-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-debuginfo-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-doc-2.19.3-3.oe2403.noarch", + "openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.src", + "openEuler-24.03-LTS:botan2-devel-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:botan2-debuginfo-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:python3-botan2-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:botan2-debugsource-2.19.3-3.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2024-34703" + }, + { + "cve":"CVE-2024-39312", + "notes":[ + { + "text":"Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both permitted subtrees and excluded subtrees, only the permitted subtree would be checked. If a certificate included a name which was permitted by the permitted subtree but also excluded by excluded subtree, it would be accepted. 
Fixed in versions 3.5.0 and 2.19.5.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:botan2-devel-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-debugsource-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:python3-botan2-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-debuginfo-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-doc-2.19.3-3.oe2403.noarch", + "openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.src", + "openEuler-24.03-LTS:botan2-devel-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:botan2-debuginfo-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:python3-botan2-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:botan2-debugsource-2.19.3-3.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:botan2-devel-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-debugsource-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:python3-botan2-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-debuginfo-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-doc-2.19.3-3.oe2403.noarch", + "openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.src", + "openEuler-24.03-LTS:botan2-devel-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:botan2-debuginfo-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:python3-botan2-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:botan2-debugsource-2.19.3-3.oe2403.x86_64" + ], + "details":"botan2 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1923" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.3, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + 
"version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:botan2-devel-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-debugsource-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:python3-botan2-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-debuginfo-2.19.3-3.oe2403.aarch64", + "openEuler-24.03-LTS:botan2-doc-2.19.3-3.oe2403.noarch", + "openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.src", + "openEuler-24.03-LTS:botan2-devel-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:botan2-debuginfo-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:python3-botan2-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:botan2-2.19.3-3.oe2403.x86_64", + "openEuler-24.03-LTS:botan2-debugsource-2.19.3-3.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39312" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1924.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1924.json new file mode 100644 index 0000000..eeb848d --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1924.json 
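Review bot: The TLP link under `document.distribution.tlp` is written as `"url":"https:/www.first.org/tlp/"`, with a single slash after the scheme, and should read `"url":"https://www.first.org/tlp/"`. The csaf-openEuler-SA-2024-1924.json file added next carries the same value. Every RPM branch in `product_tree` also reuses the distribution CPE `cpe:/a:openEuler:openEuler:24.03-LTS` as its `product_identification_helper`, so the helper identifies the OS rather than the package and cannot be used to match an installed botan2 RPM. The `product_status.fixed` lists name 2.19.3-3 builds while the vulnerability notes give 2.19.4 and 2.19.5 as the upstream fixed versions; presumably the fixes are backported, and saying so in the remediation `details` (currently just `"botan2 security update"`) would keep version-comparing scanners and readers from treating the package as unpatched. The files look tool-generated (`"name":"openEuler CSAF Tool V1.0"`), so these corrections probably belong in the generator rather than in each advisory.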
@@ -0,0 +1,653 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"botan2 security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for botan2 is now available for openEuler-22.03-LTS-SP3.", + "category":"general", + "title":"Summary" + }, + { + "text":"Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \\#10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API reference, tutorial, and examples may help impart the flavor of the library. This is the current stable release branch 2.x of Botan.\n\nSecurity Fix(es):\n\nBotan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5.(CVE-2024-34702)\n\nBotan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. 
The proof of concept used a 16Kbit prime for this purpose. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at most 521 bits. No known workarounds are available. Note that support for explicit encoding of elliptic curve parameters is deprecated in Botan.\n(CVE-2024-34703)\n\nBotan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both permitted subtrees and excluded subtrees, only the permitted subtree would be checked. If a certificate included a name which was permitted by the permitted subtree but also excluded by excluded subtree, it would be accepted. Fixed in versions 3.5.0 and 2.19.5.(CVE-2024-39312)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for botan2 is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of high. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"botan2", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1924", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1924" + }, + { + "summary":"CVE-2024-34702", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-34702&packageName=botan2" + }, + { + "summary":"CVE-2024-34703", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-34703&packageName=botan2" + }, + { + "summary":"CVE-2024-39312", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39312&packageName=botan2" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34702" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34703" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39312" + }, + { + "summary":"openEuler-SA-2024-1924 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1924.json" + } + ], + "title":"An update for botan2 is now available for openEuler-22.03-LTS-SP3", + "tracking":{ + "initial_release_date":"2024-08-02T19:41:57+08:00", + "revision_history":[ + { + 
"date":"2024-08-02T19:41:57+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:30:57+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:30:57+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:30:57+08:00", + "id":"openEuler-SA-2024-1924", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openEuler-22.03-LTS-SP3", + "name":"openEuler-22.03-LTS-SP3" + }, + "name":"openEuler-22.03-LTS-SP3", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"botan2-2.19.3-3.oe2203sp3.aarch64.rpm", + "name":"botan2-2.19.3-3.oe2203sp3.aarch64.rpm" + }, + "name":"botan2-2.19.3-3.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"python3-botan2-2.19.3-3.oe2203sp3.aarch64.rpm", + "name":"python3-botan2-2.19.3-3.oe2203sp3.aarch64.rpm" + }, + "name":"python3-botan2-2.19.3-3.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"botan2-debugsource-2.19.3-3.oe2203sp3.aarch64.rpm", + "name":"botan2-debugsource-2.19.3-3.oe2203sp3.aarch64.rpm" + }, + "name":"botan2-debugsource-2.19.3-3.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + 
"product_id":"botan2-devel-2.19.3-3.oe2203sp3.aarch64.rpm", + "name":"botan2-devel-2.19.3-3.oe2203sp3.aarch64.rpm" + }, + "name":"botan2-devel-2.19.3-3.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"botan2-debuginfo-2.19.3-3.oe2203sp3.aarch64.rpm", + "name":"botan2-debuginfo-2.19.3-3.oe2203sp3.aarch64.rpm" + }, + "name":"botan2-debuginfo-2.19.3-3.oe2203sp3.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"noarch", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"botan2-doc-2.19.3-3.oe2203sp3.noarch.rpm", + "name":"botan2-doc-2.19.3-3.oe2203sp3.noarch.rpm" + }, + "name":"botan2-doc-2.19.3-3.oe2203sp3.noarch.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"botan2-2.19.3-3.oe2203sp3.src.rpm", + "name":"botan2-2.19.3-3.oe2203sp3.src.rpm" + }, + "name":"botan2-2.19.3-3.oe2203sp3.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"python3-botan2-2.19.3-3.oe2203sp3.x86_64.rpm", + "name":"python3-botan2-2.19.3-3.oe2203sp3.x86_64.rpm" + }, + "name":"python3-botan2-2.19.3-3.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"botan2-debugsource-2.19.3-3.oe2203sp3.x86_64.rpm", + "name":"botan2-debugsource-2.19.3-3.oe2203sp3.x86_64.rpm" + }, + 
"name":"botan2-debugsource-2.19.3-3.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"botan2-debuginfo-2.19.3-3.oe2203sp3.x86_64.rpm", + "name":"botan2-debuginfo-2.19.3-3.oe2203sp3.x86_64.rpm" + }, + "name":"botan2-debuginfo-2.19.3-3.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"botan2-2.19.3-3.oe2203sp3.x86_64.rpm", + "name":"botan2-2.19.3-3.oe2203sp3.x86_64.rpm" + }, + "name":"botan2-2.19.3-3.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"botan2-devel-2.19.3-3.oe2203sp3.x86_64.rpm", + "name":"botan2-devel-2.19.3-3.oe2203sp3.x86_64.rpm" + }, + "name":"botan2-devel-2.19.3-3.oe2203sp3.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"botan2-2.19.3-3.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.aarch64", + "name":"botan2-2.19.3-3.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"python3-botan2-2.19.3-3.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:python3-botan2-2.19.3-3.oe2203sp3.aarch64", + "name":"python3-botan2-2.19.3-3.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + 
"product_reference":"botan2-debugsource-2.19.3-3.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:botan2-debugsource-2.19.3-3.oe2203sp3.aarch64", + "name":"botan2-debugsource-2.19.3-3.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"botan2-devel-2.19.3-3.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:botan2-devel-2.19.3-3.oe2203sp3.aarch64", + "name":"botan2-devel-2.19.3-3.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"botan2-debuginfo-2.19.3-3.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:botan2-debuginfo-2.19.3-3.oe2203sp3.aarch64", + "name":"botan2-debuginfo-2.19.3-3.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"botan2-doc-2.19.3-3.oe2203sp3.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:botan2-doc-2.19.3-3.oe2203sp3.noarch", + "name":"botan2-doc-2.19.3-3.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"botan2-2.19.3-3.oe2203sp3.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.src", + "name":"botan2-2.19.3-3.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"python3-botan2-2.19.3-3.oe2203sp3.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP3:python3-botan2-2.19.3-3.oe2203sp3.x86_64", + "name":"python3-botan2-2.19.3-3.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"botan2-debugsource-2.19.3-3.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:botan2-debugsource-2.19.3-3.oe2203sp3.x86_64", + "name":"botan2-debugsource-2.19.3-3.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"botan2-debuginfo-2.19.3-3.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:botan2-debuginfo-2.19.3-3.oe2203sp3.x86_64", + "name":"botan2-debuginfo-2.19.3-3.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"botan2-2.19.3-3.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.x86_64", + "name":"botan2-2.19.3-3.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"botan2-devel-2.19.3-3.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:botan2-devel-2.19.3-3.oe2203sp3.x86_64", + "name":"botan2-devel-2.19.3-3.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-34702", + "notes":[ + { + "text":"Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. 
Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-botan2-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-debugsource-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-devel-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-debuginfo-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-doc-2.19.3-3.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:python3-botan2-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-debugsource-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-debuginfo-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-devel-2.19.3-3.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-botan2-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-debugsource-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-devel-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-debuginfo-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-doc-2.19.3-3.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.src", + 
"openEuler-22.03-LTS-SP3:python3-botan2-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-debugsource-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-debuginfo-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-devel-2.19.3-3.oe2203sp3.x86_64" + ], + "details":"botan2 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1924" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.3, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-botan2-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-debugsource-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-devel-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-debuginfo-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-doc-2.19.3-3.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:python3-botan2-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-debugsource-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-debuginfo-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-devel-2.19.3-3.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-34702" + }, + { + "cve":"CVE-2024-34703", + "notes":[ + { + "text":"Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. 
Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. The proof of concept used a 16Kbit prime for this purpose. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at most 521 bits. No known workarounds are available. Note that support for explicit encoding of elliptic curve parameters is deprecated in Botan.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-botan2-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-debugsource-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-devel-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-debuginfo-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-doc-2.19.3-3.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:python3-botan2-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-debugsource-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-debuginfo-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-devel-2.19.3-3.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-botan2-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-debugsource-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-devel-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-debuginfo-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-doc-2.19.3-3.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.src", + 
"openEuler-22.03-LTS-SP3:python3-botan2-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-debugsource-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-debuginfo-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-devel-2.19.3-3.oe2203sp3.x86_64" + ], + "details":"botan2 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1924" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.5, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-botan2-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-debugsource-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-devel-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-debuginfo-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-doc-2.19.3-3.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:python3-botan2-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-debugsource-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-debuginfo-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-devel-2.19.3-3.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2024-34703" + }, + { + "cve":"CVE-2024-39312", + "notes":[ + { + "text":"Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. 
A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both permitted subtrees and excluded subtrees, only the permitted subtree would be checked. If a certificate included a name which was permitted by the permitted subtree but also excluded by excluded subtree, it would be accepted. Fixed in versions 3.5.0 and 2.19.5.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-botan2-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-debugsource-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-devel-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-debuginfo-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-doc-2.19.3-3.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:python3-botan2-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-debugsource-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-debuginfo-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-devel-2.19.3-3.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-botan2-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-debugsource-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-devel-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-debuginfo-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-doc-2.19.3-3.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:python3-botan2-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-debugsource-2.19.3-3.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:botan2-debuginfo-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-devel-2.19.3-3.oe2203sp3.x86_64" + ], + "details":"botan2 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1924" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.3, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-botan2-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-debugsource-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-devel-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-debuginfo-2.19.3-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:botan2-doc-2.19.3-3.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:python3-botan2-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-debugsource-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-debuginfo-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-2.19.3-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:botan2-devel-2.19.3-3.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39312" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1925.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1925.json new file mode 100644 index 0000000..255af1c --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1925.json 
@@ -0,0 +1,653 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"botan2 security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for botan2 is now available for openEuler-22.03-LTS-SP4.", + "category":"general", + "title":"Summary" + }, + { + "text":"Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \\#10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API reference, tutorial, and examples may help impart the flavor of the library. This is the current stable release branch 2.x of Botan.\n\nSecurity Fix(es):\n\nBotan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5.(CVE-2024-34702)\n\nBotan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. 
The proof of concept used a 16Kbit prime for this purpose. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at most 521 bits. No known workarounds are available. Note that support for explicit encoding of elliptic curve parameters is deprecated in Botan.\n(CVE-2024-34703)\n\nBotan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both permitted subtrees and excluded subtrees, only the permitted subtree would be checked. If a certificate included a name which was permitted by the permitted subtree but also excluded by excluded subtree, it would be accepted. Fixed in versions 3.5.0 and 2.19.5.(CVE-2024-39312)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for botan2 is now available for openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"botan2", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1925", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1925" + }, + { + "summary":"CVE-2024-34702", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-34702&packageName=botan2" + }, + { + "summary":"CVE-2024-34703", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-34703&packageName=botan2" + }, + { + "summary":"CVE-2024-39312", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39312&packageName=botan2" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34702" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34703" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39312" + }, + { + "summary":"openEuler-SA-2024-1925 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1925.json" + } + ], + "title":"An update for botan2 is now available for openEuler-22.03-LTS-SP4", + "tracking":{ + "initial_release_date":"2024-08-02T19:41:59+08:00", + "revision_history":[ + { + 
"date":"2024-08-02T19:41:59+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:30:59+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:30:59+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:30:59+08:00", + "id":"openEuler-SA-2024-1925", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"openEuler-22.03-LTS-SP4", + "name":"openEuler-22.03-LTS-SP4" + }, + "name":"openEuler-22.03-LTS-SP4", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"python3-botan2-2.19.3-3.oe2203sp4.aarch64.rpm", + "name":"python3-botan2-2.19.3-3.oe2203sp4.aarch64.rpm" + }, + "name":"python3-botan2-2.19.3-3.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"botan2-2.19.3-3.oe2203sp4.aarch64.rpm", + "name":"botan2-2.19.3-3.oe2203sp4.aarch64.rpm" + }, + "name":"botan2-2.19.3-3.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"botan2-debugsource-2.19.3-3.oe2203sp4.aarch64.rpm", + "name":"botan2-debugsource-2.19.3-3.oe2203sp4.aarch64.rpm" + }, + "name":"botan2-debugsource-2.19.3-3.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + 
"product_id":"botan2-devel-2.19.3-3.oe2203sp4.aarch64.rpm", + "name":"botan2-devel-2.19.3-3.oe2203sp4.aarch64.rpm" + }, + "name":"botan2-devel-2.19.3-3.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"botan2-debuginfo-2.19.3-3.oe2203sp4.aarch64.rpm", + "name":"botan2-debuginfo-2.19.3-3.oe2203sp4.aarch64.rpm" + }, + "name":"botan2-debuginfo-2.19.3-3.oe2203sp4.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"noarch", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"botan2-doc-2.19.3-3.oe2203sp4.noarch.rpm", + "name":"botan2-doc-2.19.3-3.oe2203sp4.noarch.rpm" + }, + "name":"botan2-doc-2.19.3-3.oe2203sp4.noarch.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"botan2-2.19.3-3.oe2203sp4.src.rpm", + "name":"botan2-2.19.3-3.oe2203sp4.src.rpm" + }, + "name":"botan2-2.19.3-3.oe2203sp4.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"botan2-debugsource-2.19.3-3.oe2203sp4.x86_64.rpm", + "name":"botan2-debugsource-2.19.3-3.oe2203sp4.x86_64.rpm" + }, + "name":"botan2-debugsource-2.19.3-3.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"botan2-debuginfo-2.19.3-3.oe2203sp4.x86_64.rpm", + "name":"botan2-debuginfo-2.19.3-3.oe2203sp4.x86_64.rpm" + }, + 
"name":"botan2-debuginfo-2.19.3-3.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"botan2-2.19.3-3.oe2203sp4.x86_64.rpm", + "name":"botan2-2.19.3-3.oe2203sp4.x86_64.rpm" + }, + "name":"botan2-2.19.3-3.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"python3-botan2-2.19.3-3.oe2203sp4.x86_64.rpm", + "name":"python3-botan2-2.19.3-3.oe2203sp4.x86_64.rpm" + }, + "name":"python3-botan2-2.19.3-3.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"botan2-devel-2.19.3-3.oe2203sp4.x86_64.rpm", + "name":"botan2-devel-2.19.3-3.oe2203sp4.x86_64.rpm" + }, + "name":"botan2-devel-2.19.3-3.oe2203sp4.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"python3-botan2-2.19.3-3.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:python3-botan2-2.19.3-3.oe2203sp4.aarch64", + "name":"python3-botan2-2.19.3-3.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"botan2-2.19.3-3.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.aarch64", + "name":"botan2-2.19.3-3.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"botan2-debugsource-2.19.3-3.oe2203sp4.aarch64.rpm", + 
"full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:botan2-debugsource-2.19.3-3.oe2203sp4.aarch64", + "name":"botan2-debugsource-2.19.3-3.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"botan2-devel-2.19.3-3.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:botan2-devel-2.19.3-3.oe2203sp4.aarch64", + "name":"botan2-devel-2.19.3-3.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"botan2-debuginfo-2.19.3-3.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:botan2-debuginfo-2.19.3-3.oe2203sp4.aarch64", + "name":"botan2-debuginfo-2.19.3-3.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"botan2-doc-2.19.3-3.oe2203sp4.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:botan2-doc-2.19.3-3.oe2203sp4.noarch", + "name":"botan2-doc-2.19.3-3.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"botan2-2.19.3-3.oe2203sp4.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.src", + "name":"botan2-2.19.3-3.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"botan2-debugsource-2.19.3-3.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:botan2-debugsource-2.19.3-3.oe2203sp4.x86_64", + 
"name":"botan2-debugsource-2.19.3-3.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"botan2-debuginfo-2.19.3-3.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:botan2-debuginfo-2.19.3-3.oe2203sp4.x86_64", + "name":"botan2-debuginfo-2.19.3-3.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"botan2-2.19.3-3.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.x86_64", + "name":"botan2-2.19.3-3.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"python3-botan2-2.19.3-3.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:python3-botan2-2.19.3-3.oe2203sp4.x86_64", + "name":"python3-botan2-2.19.3-3.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"botan2-devel-2.19.3-3.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:botan2-devel-2.19.3-3.oe2203sp4.x86_64", + "name":"botan2-devel-2.19.3-3.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-34702", + "notes":[ + { + "text":"Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. 
Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:python3-botan2-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-debugsource-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-devel-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-debuginfo-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-doc-2.19.3-3.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:botan2-debugsource-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:botan2-debuginfo-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-botan2-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:botan2-devel-2.19.3-3.oe2203sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:python3-botan2-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-debugsource-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-devel-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-debuginfo-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-doc-2.19.3-3.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.src", + 
"openEuler-22.03-LTS-SP4:botan2-debugsource-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:botan2-debuginfo-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-botan2-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:botan2-devel-2.19.3-3.oe2203sp4.x86_64" + ], + "details":"botan2 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1925" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.3, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:python3-botan2-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-debugsource-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-devel-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-debuginfo-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-doc-2.19.3-3.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:botan2-debugsource-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:botan2-debuginfo-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-botan2-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:botan2-devel-2.19.3-3.oe2203sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-34702" + }, + { + "cve":"CVE-2024-34703", + "notes":[ + { + "text":"Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. 
Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. The proof of concept used a 16Kbit prime for this purpose. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at most 521 bits. No known workarounds are available. Note that support for explicit encoding of elliptic curve parameters is deprecated in Botan.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:python3-botan2-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-debugsource-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-devel-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-debuginfo-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-doc-2.19.3-3.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:botan2-debugsource-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:botan2-debuginfo-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-botan2-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:botan2-devel-2.19.3-3.oe2203sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:python3-botan2-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-debugsource-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-devel-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-debuginfo-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-doc-2.19.3-3.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.src", + 
"openEuler-22.03-LTS-SP4:botan2-debugsource-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:botan2-debuginfo-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-botan2-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:botan2-devel-2.19.3-3.oe2203sp4.x86_64" + ], + "details":"botan2 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1925" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.5, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:python3-botan2-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-debugsource-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-devel-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-debuginfo-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-doc-2.19.3-3.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:botan2-debugsource-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:botan2-debuginfo-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-botan2-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:botan2-devel-2.19.3-3.oe2203sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2024-34703" + }, + { + "cve":"CVE-2024-39312", + "notes":[ + { + "text":"Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. 
A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both permitted subtrees and excluded subtrees, only the permitted subtree would be checked. If a certificate included a name which was permitted by the permitted subtree but also excluded by excluded subtree, it would be accepted. Fixed in versions 3.5.0 and 2.19.5.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:python3-botan2-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-debugsource-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-devel-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-debuginfo-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-doc-2.19.3-3.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:botan2-debugsource-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:botan2-debuginfo-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-botan2-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:botan2-devel-2.19.3-3.oe2203sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:python3-botan2-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-debugsource-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-devel-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-debuginfo-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-doc-2.19.3-3.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:botan2-debugsource-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:botan2-debuginfo-2.19.3-3.oe2203sp4.x86_64", + 
"openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-botan2-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:botan2-devel-2.19.3-3.oe2203sp4.x86_64" + ], + "details":"botan2 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1925" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.3, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:python3-botan2-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-debugsource-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-devel-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-debuginfo-2.19.3-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:botan2-doc-2.19.3-3.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:botan2-debugsource-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:botan2-debuginfo-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:botan2-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:python3-botan2-2.19.3-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:botan2-devel-2.19.3-3.oe2203sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39312" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1926.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1926.json new file mode 100644 index 0000000..dc6fd5d --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1926.json 
@@ -0,0 +1,689 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"exim security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for exim is now available for openEuler-22.03-LTS-SP3.", + "category":"general", + "title":"Summary" + }, + { + "text":"Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of flexibility in the way mail can be routed, and there are extensive facilities for checking incoming mail. Exim can be installed in place of sendmail, although the configuration of exim is quite different to that of sendmail.\n\nSecurity Fix(es):\n\nA vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability.(CVE-2022-3559)\n\nExim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . 
but some other popular e-mail servers do not.(CVE-2023-51766)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for exim is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"exim", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1926", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1926" + }, + { + "summary":"CVE-2022-3559", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-3559&packageName=exim" + }, + { + "summary":"CVE-2023-51766", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-51766&packageName=exim" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3559" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-51766" + }, + { + "summary":"openEuler-SA-2024-1926 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1926.json" + } + ], + "title":"An update for exim is now available for openEuler-22.03-LTS-SP3", + "tracking":{ + "initial_release_date":"2024-08-02T19:42:00+08:00", + "revision_history":[ + { + 
"date":"2024-08-02T19:42:00+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:31:00+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:31:00+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:31:00+08:00", + "id":"openEuler-SA-2024-1926", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openEuler-22.03-LTS-SP3", + "name":"openEuler-22.03-LTS-SP3" + }, + "name":"openEuler-22.03-LTS-SP3", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"exim-debuginfo-4.96-3.oe2203sp3.aarch64.rpm", + "name":"exim-debuginfo-4.96-3.oe2203sp3.aarch64.rpm" + }, + "name":"exim-debuginfo-4.96-3.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"exim-greylist-4.96-3.oe2203sp3.aarch64.rpm", + "name":"exim-greylist-4.96-3.oe2203sp3.aarch64.rpm" + }, + "name":"exim-greylist-4.96-3.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"exim-mysql-4.96-3.oe2203sp3.aarch64.rpm", + "name":"exim-mysql-4.96-3.oe2203sp3.aarch64.rpm" + }, + "name":"exim-mysql-4.96-3.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + 
"product_id":"exim-clamav-4.96-3.oe2203sp3.aarch64.rpm", + "name":"exim-clamav-4.96-3.oe2203sp3.aarch64.rpm" + }, + "name":"exim-clamav-4.96-3.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"exim-debugsource-4.96-3.oe2203sp3.aarch64.rpm", + "name":"exim-debugsource-4.96-3.oe2203sp3.aarch64.rpm" + }, + "name":"exim-debugsource-4.96-3.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"exim-4.96-3.oe2203sp3.aarch64.rpm", + "name":"exim-4.96-3.oe2203sp3.aarch64.rpm" + }, + "name":"exim-4.96-3.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"exim-mon-4.96-3.oe2203sp3.aarch64.rpm", + "name":"exim-mon-4.96-3.oe2203sp3.aarch64.rpm" + }, + "name":"exim-mon-4.96-3.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"exim-pgsql-4.96-3.oe2203sp3.aarch64.rpm", + "name":"exim-pgsql-4.96-3.oe2203sp3.aarch64.rpm" + }, + "name":"exim-pgsql-4.96-3.oe2203sp3.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"exim-4.96-3.oe2203sp3.src.rpm", + "name":"exim-4.96-3.oe2203sp3.src.rpm" + }, + "name":"exim-4.96-3.oe2203sp3.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + 
"product_id":"exim-mon-4.96-3.oe2203sp3.x86_64.rpm", + "name":"exim-mon-4.96-3.oe2203sp3.x86_64.rpm" + }, + "name":"exim-mon-4.96-3.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"exim-greylist-4.96-3.oe2203sp3.x86_64.rpm", + "name":"exim-greylist-4.96-3.oe2203sp3.x86_64.rpm" + }, + "name":"exim-greylist-4.96-3.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"exim-pgsql-4.96-3.oe2203sp3.x86_64.rpm", + "name":"exim-pgsql-4.96-3.oe2203sp3.x86_64.rpm" + }, + "name":"exim-pgsql-4.96-3.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"exim-debugsource-4.96-3.oe2203sp3.x86_64.rpm", + "name":"exim-debugsource-4.96-3.oe2203sp3.x86_64.rpm" + }, + "name":"exim-debugsource-4.96-3.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"exim-mysql-4.96-3.oe2203sp3.x86_64.rpm", + "name":"exim-mysql-4.96-3.oe2203sp3.x86_64.rpm" + }, + "name":"exim-mysql-4.96-3.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"exim-debuginfo-4.96-3.oe2203sp3.x86_64.rpm", + "name":"exim-debuginfo-4.96-3.oe2203sp3.x86_64.rpm" + }, + "name":"exim-debuginfo-4.96-3.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"exim-clamav-4.96-3.oe2203sp3.x86_64.rpm", + "name":"exim-clamav-4.96-3.oe2203sp3.x86_64.rpm" + }, 
+ "name":"exim-clamav-4.96-3.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"exim-4.96-3.oe2203sp3.x86_64.rpm", + "name":"exim-4.96-3.oe2203sp3.x86_64.rpm" + }, + "name":"exim-4.96-3.oe2203sp3.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"exim-debuginfo-4.96-3.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:exim-debuginfo-4.96-3.oe2203sp3.aarch64", + "name":"exim-debuginfo-4.96-3.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"exim-greylist-4.96-3.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:exim-greylist-4.96-3.oe2203sp3.aarch64", + "name":"exim-greylist-4.96-3.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"exim-mysql-4.96-3.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:exim-mysql-4.96-3.oe2203sp3.aarch64", + "name":"exim-mysql-4.96-3.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"exim-clamav-4.96-3.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:exim-clamav-4.96-3.oe2203sp3.aarch64", + "name":"exim-clamav-4.96-3.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", 
+ "product_reference":"exim-debugsource-4.96-3.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:exim-debugsource-4.96-3.oe2203sp3.aarch64", + "name":"exim-debugsource-4.96-3.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"exim-4.96-3.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.aarch64", + "name":"exim-4.96-3.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"exim-mon-4.96-3.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:exim-mon-4.96-3.oe2203sp3.aarch64", + "name":"exim-mon-4.96-3.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"exim-pgsql-4.96-3.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:exim-pgsql-4.96-3.oe2203sp3.aarch64", + "name":"exim-pgsql-4.96-3.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"exim-4.96-3.oe2203sp3.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.src", + "name":"exim-4.96-3.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"exim-mon-4.96-3.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:exim-mon-4.96-3.oe2203sp3.x86_64", + "name":"exim-mon-4.96-3.oe2203sp3.x86_64 
as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"exim-greylist-4.96-3.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:exim-greylist-4.96-3.oe2203sp3.x86_64", + "name":"exim-greylist-4.96-3.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"exim-pgsql-4.96-3.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:exim-pgsql-4.96-3.oe2203sp3.x86_64", + "name":"exim-pgsql-4.96-3.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"exim-debugsource-4.96-3.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:exim-debugsource-4.96-3.oe2203sp3.x86_64", + "name":"exim-debugsource-4.96-3.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"exim-mysql-4.96-3.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:exim-mysql-4.96-3.oe2203sp3.x86_64", + "name":"exim-mysql-4.96-3.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"exim-debuginfo-4.96-3.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:exim-debuginfo-4.96-3.oe2203sp3.x86_64", + "name":"exim-debuginfo-4.96-3.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"exim-clamav-4.96-3.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:exim-clamav-4.96-3.oe2203sp3.x86_64", + "name":"exim-clamav-4.96-3.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"exim-4.96-3.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.x86_64", + "name":"exim-4.96-3.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2022-3559", + "notes":[ + { + "text":"A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. 
The identifier VDB-211073 was assigned to this vulnerability.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:exim-debuginfo-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-greylist-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-mysql-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-clamav-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-debugsource-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-mon-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-pgsql-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:exim-mon-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-greylist-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-pgsql-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-debugsource-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-mysql-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-debuginfo-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-clamav-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:exim-debuginfo-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-greylist-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-mysql-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-clamav-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-debugsource-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-mon-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-pgsql-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:exim-mon-4.96-3.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:exim-greylist-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-pgsql-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-debugsource-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-mysql-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-debuginfo-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-clamav-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.x86_64" + ], + "details":"exim security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1926" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.5, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:exim-debuginfo-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-greylist-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-mysql-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-clamav-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-debugsource-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-mon-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-pgsql-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:exim-mon-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-greylist-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-pgsql-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-debugsource-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-mysql-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-debuginfo-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-clamav-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + 
"title":"CVE-2022-3559" + }, + { + "cve":"CVE-2023-51766", + "notes":[ + { + "text":"Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but some other popular e-mail servers do not.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:exim-debuginfo-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-greylist-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-mysql-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-clamav-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-debugsource-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-mon-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-pgsql-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:exim-mon-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-greylist-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-pgsql-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-debugsource-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-mysql-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-debuginfo-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-clamav-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:exim-debuginfo-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-greylist-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-mysql-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-clamav-4.96-3.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:exim-debugsource-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-mon-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-pgsql-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:exim-mon-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-greylist-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-pgsql-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-debugsource-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-mysql-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-debuginfo-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-clamav-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.x86_64" + ], + "details":"exim security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1926" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.3, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:exim-debuginfo-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-greylist-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-mysql-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-clamav-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-debugsource-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-mon-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-pgsql-4.96-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:exim-mon-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-greylist-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-pgsql-4.96-3.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:exim-debugsource-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-mysql-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-debuginfo-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-clamav-4.96-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2023-51766" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1927.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1927.json new file mode 100644 index 0000000..a22f024 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1927.json 
@@ -0,0 +1,689 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"exim security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for exim is now available for openEuler-22.03-LTS-SP4.", + "category":"general", + "title":"Summary" + }, + { + "text":"Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of flexibility in the way mail can be routed, and there are extensive facilities for checking incoming mail. Exim can be installed in place of sendmail, although the configuration of exim is quite different to that of sendmail.\n\nSecurity Fix(es):\n\nA vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability.(CVE-2022-3559)\n\nExim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . 
but some other popular e-mail servers do not.(CVE-2023-51766)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for exim is now available for openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"exim", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1927", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1927" + }, + { + "summary":"CVE-2022-3559", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-3559&packageName=exim" + }, + { + "summary":"CVE-2023-51766", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-51766&packageName=exim" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3559" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-51766" + }, + { + "summary":"openEuler-SA-2024-1927 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1927.json" + } + ], + "title":"An update for exim is now available for openEuler-22.03-LTS-SP4", + "tracking":{ + "initial_release_date":"2024-08-02T19:42:01+08:00", + "revision_history":[ + { + 
"date":"2024-08-02T19:42:01+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:31:01+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:31:01+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:31:01+08:00", + "id":"openEuler-SA-2024-1927", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"openEuler-22.03-LTS-SP4", + "name":"openEuler-22.03-LTS-SP4" + }, + "name":"openEuler-22.03-LTS-SP4", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"exim-debugsource-4.96-3.oe2203sp4.aarch64.rpm", + "name":"exim-debugsource-4.96-3.oe2203sp4.aarch64.rpm" + }, + "name":"exim-debugsource-4.96-3.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"exim-4.96-3.oe2203sp4.aarch64.rpm", + "name":"exim-4.96-3.oe2203sp4.aarch64.rpm" + }, + "name":"exim-4.96-3.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"exim-clamav-4.96-3.oe2203sp4.aarch64.rpm", + "name":"exim-clamav-4.96-3.oe2203sp4.aarch64.rpm" + }, + "name":"exim-clamav-4.96-3.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + 
"product_id":"exim-pgsql-4.96-3.oe2203sp4.aarch64.rpm", + "name":"exim-pgsql-4.96-3.oe2203sp4.aarch64.rpm" + }, + "name":"exim-pgsql-4.96-3.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"exim-mon-4.96-3.oe2203sp4.aarch64.rpm", + "name":"exim-mon-4.96-3.oe2203sp4.aarch64.rpm" + }, + "name":"exim-mon-4.96-3.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"exim-debuginfo-4.96-3.oe2203sp4.aarch64.rpm", + "name":"exim-debuginfo-4.96-3.oe2203sp4.aarch64.rpm" + }, + "name":"exim-debuginfo-4.96-3.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"exim-mysql-4.96-3.oe2203sp4.aarch64.rpm", + "name":"exim-mysql-4.96-3.oe2203sp4.aarch64.rpm" + }, + "name":"exim-mysql-4.96-3.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"exim-greylist-4.96-3.oe2203sp4.aarch64.rpm", + "name":"exim-greylist-4.96-3.oe2203sp4.aarch64.rpm" + }, + "name":"exim-greylist-4.96-3.oe2203sp4.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"exim-4.96-3.oe2203sp4.src.rpm", + "name":"exim-4.96-3.oe2203sp4.src.rpm" + }, + "name":"exim-4.96-3.oe2203sp4.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + 
}, + "product_id":"exim-debugsource-4.96-3.oe2203sp4.x86_64.rpm", + "name":"exim-debugsource-4.96-3.oe2203sp4.x86_64.rpm" + }, + "name":"exim-debugsource-4.96-3.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"exim-mysql-4.96-3.oe2203sp4.x86_64.rpm", + "name":"exim-mysql-4.96-3.oe2203sp4.x86_64.rpm" + }, + "name":"exim-mysql-4.96-3.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"exim-clamav-4.96-3.oe2203sp4.x86_64.rpm", + "name":"exim-clamav-4.96-3.oe2203sp4.x86_64.rpm" + }, + "name":"exim-clamav-4.96-3.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"exim-4.96-3.oe2203sp4.x86_64.rpm", + "name":"exim-4.96-3.oe2203sp4.x86_64.rpm" + }, + "name":"exim-4.96-3.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"exim-pgsql-4.96-3.oe2203sp4.x86_64.rpm", + "name":"exim-pgsql-4.96-3.oe2203sp4.x86_64.rpm" + }, + "name":"exim-pgsql-4.96-3.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"exim-debuginfo-4.96-3.oe2203sp4.x86_64.rpm", + "name":"exim-debuginfo-4.96-3.oe2203sp4.x86_64.rpm" + }, + "name":"exim-debuginfo-4.96-3.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"exim-mon-4.96-3.oe2203sp4.x86_64.rpm", + "name":"exim-mon-4.96-3.oe2203sp4.x86_64.rpm" + }, + 
"name":"exim-mon-4.96-3.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"exim-greylist-4.96-3.oe2203sp4.x86_64.rpm", + "name":"exim-greylist-4.96-3.oe2203sp4.x86_64.rpm" + }, + "name":"exim-greylist-4.96-3.oe2203sp4.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"exim-debugsource-4.96-3.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:exim-debugsource-4.96-3.oe2203sp4.aarch64", + "name":"exim-debugsource-4.96-3.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"exim-4.96-3.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:exim-4.96-3.oe2203sp4.aarch64", + "name":"exim-4.96-3.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"exim-clamav-4.96-3.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:exim-clamav-4.96-3.oe2203sp4.aarch64", + "name":"exim-clamav-4.96-3.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"exim-pgsql-4.96-3.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:exim-pgsql-4.96-3.oe2203sp4.aarch64", + "name":"exim-pgsql-4.96-3.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"exim-mon-4.96-3.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:exim-mon-4.96-3.oe2203sp4.aarch64", + "name":"exim-mon-4.96-3.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"exim-debuginfo-4.96-3.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:exim-debuginfo-4.96-3.oe2203sp4.aarch64", + "name":"exim-debuginfo-4.96-3.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"exim-mysql-4.96-3.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:exim-mysql-4.96-3.oe2203sp4.aarch64", + "name":"exim-mysql-4.96-3.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"exim-greylist-4.96-3.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:exim-greylist-4.96-3.oe2203sp4.aarch64", + "name":"exim-greylist-4.96-3.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"exim-4.96-3.oe2203sp4.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:exim-4.96-3.oe2203sp4.src", + "name":"exim-4.96-3.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"exim-debugsource-4.96-3.oe2203sp4.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP4:exim-debugsource-4.96-3.oe2203sp4.x86_64", + "name":"exim-debugsource-4.96-3.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"exim-mysql-4.96-3.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:exim-mysql-4.96-3.oe2203sp4.x86_64", + "name":"exim-mysql-4.96-3.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"exim-clamav-4.96-3.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:exim-clamav-4.96-3.oe2203sp4.x86_64", + "name":"exim-clamav-4.96-3.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"exim-4.96-3.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:exim-4.96-3.oe2203sp4.x86_64", + "name":"exim-4.96-3.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"exim-pgsql-4.96-3.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:exim-pgsql-4.96-3.oe2203sp4.x86_64", + "name":"exim-pgsql-4.96-3.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"exim-debuginfo-4.96-3.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:exim-debuginfo-4.96-3.oe2203sp4.x86_64", + "name":"exim-debuginfo-4.96-3.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + 
"category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"exim-mon-4.96-3.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:exim-mon-4.96-3.oe2203sp4.x86_64", + "name":"exim-mon-4.96-3.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"exim-greylist-4.96-3.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:exim-greylist-4.96-3.oe2203sp4.x86_64", + "name":"exim-greylist-4.96-3.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2022-3559", + "notes":[ + { + "text":"A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. 
The identifier VDB-211073 was assigned to this vulnerability.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:exim-debugsource-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-clamav-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-pgsql-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-mon-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-debuginfo-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-mysql-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-greylist-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-4.96-3.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:exim-debugsource-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-mysql-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-clamav-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-pgsql-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-debuginfo-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-mon-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-greylist-4.96-3.oe2203sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:exim-debugsource-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-clamav-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-pgsql-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-mon-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-debuginfo-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-mysql-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-greylist-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-4.96-3.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:exim-debugsource-4.96-3.oe2203sp4.x86_64", + 
"openEuler-22.03-LTS-SP4:exim-mysql-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-clamav-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-pgsql-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-debuginfo-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-mon-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-greylist-4.96-3.oe2203sp4.x86_64" + ], + "details":"exim security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1927" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.5, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:exim-debugsource-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-clamav-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-pgsql-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-mon-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-debuginfo-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-mysql-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-greylist-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-4.96-3.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:exim-debugsource-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-mysql-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-clamav-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-pgsql-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-debuginfo-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-mon-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-greylist-4.96-3.oe2203sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + 
"title":"CVE-2022-3559" + }, + { + "cve":"CVE-2023-51766", + "notes":[ + { + "text":"Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but some other popular e-mail servers do not.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:exim-debugsource-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-clamav-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-pgsql-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-mon-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-debuginfo-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-mysql-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-greylist-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-4.96-3.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:exim-debugsource-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-mysql-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-clamav-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-pgsql-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-debuginfo-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-mon-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-greylist-4.96-3.oe2203sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:exim-debugsource-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-clamav-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-pgsql-4.96-3.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:exim-mon-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-debuginfo-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-mysql-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-greylist-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-4.96-3.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:exim-debugsource-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-mysql-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-clamav-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-pgsql-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-debuginfo-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-mon-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-greylist-4.96-3.oe2203sp4.x86_64" + ], + "details":"exim security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1927" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.3, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:exim-debugsource-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-clamav-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-pgsql-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-mon-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-debuginfo-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-mysql-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-greylist-4.96-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:exim-4.96-3.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:exim-debugsource-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-mysql-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-clamav-4.96-3.oe2203sp4.x86_64", + 
"openEuler-22.03-LTS-SP4:exim-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-pgsql-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-debuginfo-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-mon-4.96-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:exim-greylist-4.96-3.oe2203sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2023-51766" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1928.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1928.json new file mode 100644 index 0000000..d991fde --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1928.json 
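Review bot: The `distribution.tlp.url` value in the new csaf-openEuler-SA-2024-1927.json is written `"url":"https:/www.first.org/tlp/"`, with a single slash after the scheme, so it does not point at the FIRST TLP page; it should read `"url":"https://www.first.org/tlp/"`. The SA-2024-1928 file that follows carries the same value, which suggests the fix belongs in the generator template rather than in each advisory. The CVE-2023-51766 description, in both the document notes and the vulnerability note, reads "Exim supports . but some other popular e-mail servers do not"; it looks as if angle-bracketed line-ending tokens around the dot were stripped as markup, so the text should be re-imported from the upstream CVE record with those tokens escaped. Every package branch also uses the distribution-level `cpe:/a:openEuler:openEuler:22.03-LTS-SP4` as its `product_identification_helper`, so a consumer matching on CPE cannot tell the exim RPMs from the distribution itself; a per-package identifier such as a `purl` would make the `fixed` status usable for automated matching.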
@@ -0,0 +1,586 @@ +{ + "document": { + "aggregate_severity": { + "namespace": "https://nvd.nist.gov/vuln-metrics/cvss", + "text": "Medium" + }, + "category": "csaf_vex", + "csaf_version": "2.0", + "distribution": { + "tlp": { + "label": "WHITE", + "url": "https:/www.first.org/tlp/" + } + }, + "lang": "en", + "notes": [ + { + "text": "exim security update", + "category": "general", + "title": "Synopsis" + }, + { + "text": "An update for exim is now available for openEuler-24.03-LTS.", + "category": "general", + "title": "Summary" + }, + { + "text": "Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of flexibility in the way mail can be routed, and there are extensive facilities for checking incoming mail. Exim can be installed in place of sendmail, although the configuration of exim is quite different to that of sendmail.\n\nSecurity Fix(es):\n\nExim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but some other popular e-mail servers do not.(CVE-2023-51766)", + "category": "general", + "title": "Description" + }, + { + "text": "An update for exim is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of medium. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category": "general", + "title": "Topic" + }, + { + "text": "Medium", + "category": "general", + "title": "Severity" + }, + { + "text": "exim", + "category": "general", + "title": "Affected Component" + } + ], + "publisher": { + "issuing_authority": "openEuler security committee", + "name": "openEuler", + "namespace": "https://www.openeuler.org", + "contact_details": "openeuler-security@openeuler.org", + "category": "vendor" + }, + "references": [ + { + "summary": "openEuler-SA-2024-1928", + "category": "self", + "url": "https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1928" + }, + { + "summary": "CVE-2023-51766", + "category": "self", + "url": "https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-51766&packageName=exim" + }, + { + "summary": "nvd cve", + "category": "external", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51766" + }, + { + "summary": "openEuler-SA-2024-1928 vex file", + "category": "self", + "url": "https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1928.json" + } + ], + "title": "An update for exim is now available for openEuler-24.03-LTS", + "tracking": { + "initial_release_date": "2024-08-02T19:42:03+08:00", + "revision_history": [ + { + "date": "2024-08-02T19:42:03+08:00", + "summary": "Initial", + "number": "1.0.0" + }, + { + "date": "2024-08-05T11:31:03+08:00", + "summary": "final", + "number": "2.0.0" + } + ], + "generator": { + "date": "2024-08-05T11:31:03+08:00", + "engine": { + "name": "openEuler CSAF Tool V1.0" + } + }, + "current_release_date": "2024-08-05T11:31:03+08:00", + "id": "openEuler-SA-2024-1928", + "version": "2.0.0", + "status": "final" + } + }, + "product_tree": { + "branches": [ + { + "name": "openEuler", + "category": "vendor", + "branches": [ + { + 
"name": "openEuler", + "branches": [ + { + "product": { + "product_identification_helper": { + "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id": "openEuler-24.03-LTS", + "name": "openEuler-24.03-LTS" + }, + "name": "openEuler-24.03-LTS", + "category": "product_version" + } + ], + "category": "product_name" + }, + { + "name": "aarch64", + "branches": [ + { + "product": { + "product_identification_helper": { + "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id": "exim-4.97.1-2.oe2403.aarch64.rpm", + "name": "exim-4.97.1-2.oe2403.aarch64.rpm" + }, + "name": "exim-4.97.1-2.oe2403.aarch64.rpm", + "category": "product_version" + }, + { + "product": { + "product_identification_helper": { + "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id": "exim-debugsource-4.97.1-2.oe2403.aarch64.rpm", + "name": "exim-debugsource-4.97.1-2.oe2403.aarch64.rpm" + }, + "name": "exim-debugsource-4.97.1-2.oe2403.aarch64.rpm", + "category": "product_version" + }, + { + "product": { + "product_identification_helper": { + "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id": "exim-greylist-4.97.1-2.oe2403.aarch64.rpm", + "name": "exim-greylist-4.97.1-2.oe2403.aarch64.rpm" + }, + "name": "exim-greylist-4.97.1-2.oe2403.aarch64.rpm", + "category": "product_version" + }, + { + "product": { + "product_identification_helper": { + "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id": "exim-debuginfo-4.97.1-2.oe2403.aarch64.rpm", + "name": "exim-debuginfo-4.97.1-2.oe2403.aarch64.rpm" + }, + "name": "exim-debuginfo-4.97.1-2.oe2403.aarch64.rpm", + "category": "product_version" + }, + { + "product": { + "product_identification_helper": { + "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id": "exim-mysql-4.97.1-2.oe2403.aarch64.rpm", + "name": "exim-mysql-4.97.1-2.oe2403.aarch64.rpm" + }, + "name": "exim-mysql-4.97.1-2.oe2403.aarch64.rpm", + "category": "product_version" + }, + { + "product": { + 
"product_identification_helper": { + "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id": "exim-mon-4.97.1-2.oe2403.aarch64.rpm", + "name": "exim-mon-4.97.1-2.oe2403.aarch64.rpm" + }, + "name": "exim-mon-4.97.1-2.oe2403.aarch64.rpm", + "category": "product_version" + }, + { + "product": { + "product_identification_helper": { + "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id": "exim-pgsql-4.97.1-2.oe2403.aarch64.rpm", + "name": "exim-pgsql-4.97.1-2.oe2403.aarch64.rpm" + }, + "name": "exim-pgsql-4.97.1-2.oe2403.aarch64.rpm", + "category": "product_version" + }, + { + "product": { + "product_identification_helper": { + "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id": "exim-clamav-4.97.1-2.oe2403.aarch64.rpm", + "name": "exim-clamav-4.97.1-2.oe2403.aarch64.rpm" + }, + "name": "exim-clamav-4.97.1-2.oe2403.aarch64.rpm", + "category": "product_version" + } + ], + "category": "product_name" + }, + { + "name": "src", + "branches": [ + { + "product": { + "product_identification_helper": { + "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id": "exim-4.97.1-2.oe2403.src.rpm", + "name": "exim-4.97.1-2.oe2403.src.rpm" + }, + "name": "exim-4.97.1-2.oe2403.src.rpm", + "category": "product_version" + } + ], + "category": "product_name" + }, + { + "name": "x86_64", + "branches": [ + { + "product": { + "product_identification_helper": { + "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id": "exim-greylist-4.97.1-2.oe2403.x86_64.rpm", + "name": "exim-greylist-4.97.1-2.oe2403.x86_64.rpm" + }, + "name": "exim-greylist-4.97.1-2.oe2403.x86_64.rpm", + "category": "product_version" + }, + { + "product": { + "product_identification_helper": { + "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id": "exim-clamav-4.97.1-2.oe2403.x86_64.rpm", + "name": "exim-clamav-4.97.1-2.oe2403.x86_64.rpm" + }, + "name": "exim-clamav-4.97.1-2.oe2403.x86_64.rpm", + "category": "product_version" + }, + { + "product": { + 
"product_identification_helper": { + "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id": "exim-pgsql-4.97.1-2.oe2403.x86_64.rpm", + "name": "exim-pgsql-4.97.1-2.oe2403.x86_64.rpm" + }, + "name": "exim-pgsql-4.97.1-2.oe2403.x86_64.rpm", + "category": "product_version" + }, + { + "product": { + "product_identification_helper": { + "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id": "exim-debuginfo-4.97.1-2.oe2403.x86_64.rpm", + "name": "exim-debuginfo-4.97.1-2.oe2403.x86_64.rpm" + }, + "name": "exim-debuginfo-4.97.1-2.oe2403.x86_64.rpm", + "category": "product_version" + }, + { + "product": { + "product_identification_helper": { + "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id": "exim-mysql-4.97.1-2.oe2403.x86_64.rpm", + "name": "exim-mysql-4.97.1-2.oe2403.x86_64.rpm" + }, + "name": "exim-mysql-4.97.1-2.oe2403.x86_64.rpm", + "category": "product_version" + }, + { + "product": { + "product_identification_helper": { + "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id": "exim-mon-4.97.1-2.oe2403.x86_64.rpm", + "name": "exim-mon-4.97.1-2.oe2403.x86_64.rpm" + }, + "name": "exim-mon-4.97.1-2.oe2403.x86_64.rpm", + "category": "product_version" + }, + { + "product": { + "product_identification_helper": { + "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id": "exim-4.97.1-2.oe2403.x86_64.rpm", + "name": "exim-4.97.1-2.oe2403.x86_64.rpm" + }, + "name": "exim-4.97.1-2.oe2403.x86_64.rpm", + "category": "product_version" + }, + { + "product": { + "product_identification_helper": { + "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id": "exim-debugsource-4.97.1-2.oe2403.x86_64.rpm", + "name": "exim-debugsource-4.97.1-2.oe2403.x86_64.rpm" + }, + "name": "exim-debugsource-4.97.1-2.oe2403.x86_64.rpm", + "category": "product_version" + } + ], + "category": "product_name" + } + ] + } + ], + "relationships": [ + { + "relates_to_product_reference": "openEuler-24.03-LTS", + "product_reference": 
"exim-4.97.1-2.oe2403.aarch64.rpm", + "full_product_name": { + "product_id": "openEuler-24.03-LTS:exim-4.97.1-2.oe2403.aarch64", + "name": "exim-4.97.1-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category": "default_component_of" + }, + { + "relates_to_product_reference": "openEuler-24.03-LTS", + "product_reference": "exim-debugsource-4.97.1-2.oe2403.aarch64.rpm", + "full_product_name": { + "product_id": "openEuler-24.03-LTS:exim-debugsource-4.97.1-2.oe2403.aarch64", + "name": "exim-debugsource-4.97.1-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category": "default_component_of" + }, + { + "relates_to_product_reference": "openEuler-24.03-LTS", + "product_reference": "exim-greylist-4.97.1-2.oe2403.aarch64.rpm", + "full_product_name": { + "product_id": "openEuler-24.03-LTS:exim-greylist-4.97.1-2.oe2403.aarch64", + "name": "exim-greylist-4.97.1-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category": "default_component_of" + }, + { + "relates_to_product_reference": "openEuler-24.03-LTS", + "product_reference": "exim-debuginfo-4.97.1-2.oe2403.aarch64.rpm", + "full_product_name": { + "product_id": "openEuler-24.03-LTS:exim-debuginfo-4.97.1-2.oe2403.aarch64", + "name": "exim-debuginfo-4.97.1-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category": "default_component_of" + }, + { + "relates_to_product_reference": "openEuler-24.03-LTS", + "product_reference": "exim-mysql-4.97.1-2.oe2403.aarch64.rpm", + "full_product_name": { + "product_id": "openEuler-24.03-LTS:exim-mysql-4.97.1-2.oe2403.aarch64", + "name": "exim-mysql-4.97.1-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category": "default_component_of" + }, + { + "relates_to_product_reference": "openEuler-24.03-LTS", + "product_reference": "exim-mon-4.97.1-2.oe2403.aarch64.rpm", + "full_product_name": { + "product_id": "openEuler-24.03-LTS:exim-mon-4.97.1-2.oe2403.aarch64", + "name": "exim-mon-4.97.1-2.oe2403.aarch64 as a 
component of openEuler-24.03-LTS" + }, + "category": "default_component_of" + }, + { + "relates_to_product_reference": "openEuler-24.03-LTS", + "product_reference": "exim-pgsql-4.97.1-2.oe2403.aarch64.rpm", + "full_product_name": { + "product_id": "openEuler-24.03-LTS:exim-pgsql-4.97.1-2.oe2403.aarch64", + "name": "exim-pgsql-4.97.1-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category": "default_component_of" + }, + { + "relates_to_product_reference": "openEuler-24.03-LTS", + "product_reference": "exim-clamav-4.97.1-2.oe2403.aarch64.rpm", + "full_product_name": { + "product_id": "openEuler-24.03-LTS:exim-clamav-4.97.1-2.oe2403.aarch64", + "name": "exim-clamav-4.97.1-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category": "default_component_of" + }, + { + "relates_to_product_reference": "openEuler-24.03-LTS", + "product_reference": "exim-4.97.1-2.oe2403.src.rpm", + "full_product_name": { + "product_id": "openEuler-24.03-LTS:exim-4.97.1-2.oe2403.src", + "name": "exim-4.97.1-2.oe2403.src as a component of openEuler-24.03-LTS" + }, + "category": "default_component_of" + }, + { + "relates_to_product_reference": "openEuler-24.03-LTS", + "product_reference": "exim-greylist-4.97.1-2.oe2403.x86_64.rpm", + "full_product_name": { + "product_id": "openEuler-24.03-LTS:exim-greylist-4.97.1-2.oe2403.x86_64", + "name": "exim-greylist-4.97.1-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category": "default_component_of" + }, + { + "relates_to_product_reference": "openEuler-24.03-LTS", + "product_reference": "exim-clamav-4.97.1-2.oe2403.x86_64.rpm", + "full_product_name": { + "product_id": "openEuler-24.03-LTS:exim-clamav-4.97.1-2.oe2403.x86_64", + "name": "exim-clamav-4.97.1-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category": "default_component_of" + }, + { + "relates_to_product_reference": "openEuler-24.03-LTS", + "product_reference": "exim-pgsql-4.97.1-2.oe2403.x86_64.rpm", + "full_product_name": { + 
"product_id": "openEuler-24.03-LTS:exim-pgsql-4.97.1-2.oe2403.x86_64", + "name": "exim-pgsql-4.97.1-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category": "default_component_of" + }, + { + "relates_to_product_reference": "openEuler-24.03-LTS", + "product_reference": "exim-debuginfo-4.97.1-2.oe2403.x86_64.rpm", + "full_product_name": { + "product_id": "openEuler-24.03-LTS:exim-debuginfo-4.97.1-2.oe2403.x86_64", + "name": "exim-debuginfo-4.97.1-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category": "default_component_of" + }, + { + "relates_to_product_reference": "openEuler-24.03-LTS", + "product_reference": "exim-mysql-4.97.1-2.oe2403.x86_64.rpm", + "full_product_name": { + "product_id": "openEuler-24.03-LTS:exim-mysql-4.97.1-2.oe2403.x86_64", + "name": "exim-mysql-4.97.1-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category": "default_component_of" + }, + { + "relates_to_product_reference": "openEuler-24.03-LTS", + "product_reference": "exim-mon-4.97.1-2.oe2403.x86_64.rpm", + "full_product_name": { + "product_id": "openEuler-24.03-LTS:exim-mon-4.97.1-2.oe2403.x86_64", + "name": "exim-mon-4.97.1-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category": "default_component_of" + }, + { + "relates_to_product_reference": "openEuler-24.03-LTS", + "product_reference": "exim-4.97.1-2.oe2403.x86_64.rpm", + "full_product_name": { + "product_id": "openEuler-24.03-LTS:exim-4.97.1-2.oe2403.x86_64", + "name": "exim-4.97.1-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category": "default_component_of" + }, + { + "relates_to_product_reference": "openEuler-24.03-LTS", + "product_reference": "exim-debugsource-4.97.1-2.oe2403.x86_64.rpm", + "full_product_name": { + "product_id": "openEuler-24.03-LTS:exim-debugsource-4.97.1-2.oe2403.x86_64", + "name": "exim-debugsource-4.97.1-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category": "default_component_of" + } + ] + }, + 
"vulnerabilities": [ + { + "cve": "CVE-2023-51766", + "notes": [ + { + "text": "Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but some other popular e-mail servers do not.", + "category": "description", + "title": "Vulnerability Description" + } + ], + "product_status": { + "fixed": [ + "openEuler-24.03-LTS:exim-4.97.1-2.oe2403.aarch64", + "openEuler-24.03-LTS:exim-debugsource-4.97.1-2.oe2403.aarch64", + "openEuler-24.03-LTS:exim-greylist-4.97.1-2.oe2403.aarch64", + "openEuler-24.03-LTS:exim-debuginfo-4.97.1-2.oe2403.aarch64", + "openEuler-24.03-LTS:exim-mysql-4.97.1-2.oe2403.aarch64", + "openEuler-24.03-LTS:exim-mon-4.97.1-2.oe2403.aarch64", + "openEuler-24.03-LTS:exim-pgsql-4.97.1-2.oe2403.aarch64", + "openEuler-24.03-LTS:exim-clamav-4.97.1-2.oe2403.aarch64", + "openEuler-24.03-LTS:exim-4.97.1-2.oe2403.src", + "openEuler-24.03-LTS:exim-greylist-4.97.1-2.oe2403.x86_64", + "openEuler-24.03-LTS:exim-clamav-4.97.1-2.oe2403.x86_64", + "openEuler-24.03-LTS:exim-pgsql-4.97.1-2.oe2403.x86_64", + "openEuler-24.03-LTS:exim-debuginfo-4.97.1-2.oe2403.x86_64", + "openEuler-24.03-LTS:exim-mysql-4.97.1-2.oe2403.x86_64", + "openEuler-24.03-LTS:exim-mon-4.97.1-2.oe2403.x86_64", + "openEuler-24.03-LTS:exim-4.97.1-2.oe2403.x86_64", + "openEuler-24.03-LTS:exim-debugsource-4.97.1-2.oe2403.x86_64" + ] + }, + "remediations": [ + { + "product_ids": [ + "openEuler-24.03-LTS:exim-4.97.1-2.oe2403.aarch64", + "openEuler-24.03-LTS:exim-debugsource-4.97.1-2.oe2403.aarch64", + "openEuler-24.03-LTS:exim-greylist-4.97.1-2.oe2403.aarch64", + "openEuler-24.03-LTS:exim-debuginfo-4.97.1-2.oe2403.aarch64", + "openEuler-24.03-LTS:exim-mysql-4.97.1-2.oe2403.aarch64", + "openEuler-24.03-LTS:exim-mon-4.97.1-2.oe2403.aarch64", + 
"openEuler-24.03-LTS:exim-pgsql-4.97.1-2.oe2403.aarch64", + "openEuler-24.03-LTS:exim-clamav-4.97.1-2.oe2403.aarch64", + "openEuler-24.03-LTS:exim-4.97.1-2.oe2403.src", + "openEuler-24.03-LTS:exim-greylist-4.97.1-2.oe2403.x86_64", + "openEuler-24.03-LTS:exim-clamav-4.97.1-2.oe2403.x86_64", + "openEuler-24.03-LTS:exim-pgsql-4.97.1-2.oe2403.x86_64", + "openEuler-24.03-LTS:exim-debuginfo-4.97.1-2.oe2403.x86_64", + "openEuler-24.03-LTS:exim-mysql-4.97.1-2.oe2403.x86_64", + "openEuler-24.03-LTS:exim-mon-4.97.1-2.oe2403.x86_64", + "openEuler-24.03-LTS:exim-4.97.1-2.oe2403.x86_64", + "openEuler-24.03-LTS:exim-debugsource-4.97.1-2.oe2403.x86_64" + ], + "details": "exim security update", + "category": "vendor_fix", + "url": "https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1928" + } + ], + "scores": [ + { + "cvss_v3": { + "baseSeverity": "MEDIUM", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + }, + "products": [ + "openEuler-24.03-LTS:exim-4.97.1-2.oe2403.aarch64", + "openEuler-24.03-LTS:exim-debugsource-4.97.1-2.oe2403.aarch64", + "openEuler-24.03-LTS:exim-greylist-4.97.1-2.oe2403.aarch64", + "openEuler-24.03-LTS:exim-debuginfo-4.97.1-2.oe2403.aarch64", + "openEuler-24.03-LTS:exim-mysql-4.97.1-2.oe2403.aarch64", + "openEuler-24.03-LTS:exim-mon-4.97.1-2.oe2403.aarch64", + "openEuler-24.03-LTS:exim-pgsql-4.97.1-2.oe2403.aarch64", + "openEuler-24.03-LTS:exim-clamav-4.97.1-2.oe2403.aarch64", + "openEuler-24.03-LTS:exim-4.97.1-2.oe2403.src", + "openEuler-24.03-LTS:exim-greylist-4.97.1-2.oe2403.x86_64", + "openEuler-24.03-LTS:exim-clamav-4.97.1-2.oe2403.x86_64", + "openEuler-24.03-LTS:exim-pgsql-4.97.1-2.oe2403.x86_64", + "openEuler-24.03-LTS:exim-debuginfo-4.97.1-2.oe2403.x86_64", + "openEuler-24.03-LTS:exim-mysql-4.97.1-2.oe2403.x86_64", + "openEuler-24.03-LTS:exim-mon-4.97.1-2.oe2403.x86_64", + "openEuler-24.03-LTS:exim-4.97.1-2.oe2403.x86_64", + 
"openEuler-24.03-LTS:exim-debugsource-4.97.1-2.oe2403.x86_64" + ] + } + ], + "threats": [ + { + "details": "Medium", + "category": "impact" + } + ], + "title": "CVE-2023-51766" + } + ] + } \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1929.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1929.json new file mode 100644 index 0000000..0ba95e4 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1929.json 
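Review bot: The CVE-2023-51766 description reads `Exim supports . but some other popular e-mail servers do not`, both in the `document.notes` entry titled Description and in `vulnerabilities[0].notes`. The line-ending tokens around the dot appear to have been stripped, probably by markup sanitising in the generator, and that removes the one detail that explains the smuggling condition. The upstream CVE text is `Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not`; angle brackets need no escaping inside a JSON string. Separately, `distribution.tlp.url` is `https:/www.first.org/tlp/` with a single slash here and in the SA-2024-1929 and SA-2024-1930 hunks, and should be `https://www.first.org/tlp/`. Both look like tool output, so the fix belongs in the CSAF generator rather than in each file.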
@@ -0,0 +1,448 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"mpv security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for mpv is now available for openEuler-22.03-LTS-SP3.", + "category":"general", + "title":"Summary" + }, + { + "text":"Mpv is a movie player based on MPlayer and mplayer2. It supports a wide variety of video file formats, audio and video codecs, and subtitle types. Special input URL types are available to read input from a variety of sources other than disk files. Depending on platform, a variety of different video and audio output methods are supported.\n\nSecurity Fix(es):\n\nA format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file.(CVE-2021-30145)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for mpv is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of high. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"mpv", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1929", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1929" + }, + { + "summary":"CVE-2021-30145", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-30145&packageName=mpv" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2021-30145" + }, + { + "summary":"openEuler-SA-2024-1929 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1929.json" + } + ], + "title":"An update for mpv is now available for openEuler-22.03-LTS-SP3", + "tracking":{ + "initial_release_date":"2024-08-02T19:42:04+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:42:04+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:31:04+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:31:04+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:31:04+08:00", + "id":"openEuler-SA-2024-1929", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + 
"product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openEuler-22.03-LTS-SP3", + "name":"openEuler-22.03-LTS-SP3" + }, + "name":"openEuler-22.03-LTS-SP3", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mpv-libs-devel-0.32.0-3.oe2203sp3.aarch64.rpm", + "name":"mpv-libs-devel-0.32.0-3.oe2203sp3.aarch64.rpm" + }, + "name":"mpv-libs-devel-0.32.0-3.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mpv-debugsource-0.32.0-3.oe2203sp3.aarch64.rpm", + "name":"mpv-debugsource-0.32.0-3.oe2203sp3.aarch64.rpm" + }, + "name":"mpv-debugsource-0.32.0-3.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mpv-libs-0.32.0-3.oe2203sp3.aarch64.rpm", + "name":"mpv-libs-0.32.0-3.oe2203sp3.aarch64.rpm" + }, + "name":"mpv-libs-0.32.0-3.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mpv-debuginfo-0.32.0-3.oe2203sp3.aarch64.rpm", + "name":"mpv-debuginfo-0.32.0-3.oe2203sp3.aarch64.rpm" + }, + "name":"mpv-debuginfo-0.32.0-3.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mpv-0.32.0-3.oe2203sp3.aarch64.rpm", + "name":"mpv-0.32.0-3.oe2203sp3.aarch64.rpm" + }, + "name":"mpv-0.32.0-3.oe2203sp3.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + 
"product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mpv-0.32.0-3.oe2203sp3.src.rpm", + "name":"mpv-0.32.0-3.oe2203sp3.src.rpm" + }, + "name":"mpv-0.32.0-3.oe2203sp3.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mpv-debuginfo-0.32.0-3.oe2203sp3.x86_64.rpm", + "name":"mpv-debuginfo-0.32.0-3.oe2203sp3.x86_64.rpm" + }, + "name":"mpv-debuginfo-0.32.0-3.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mpv-libs-devel-0.32.0-3.oe2203sp3.x86_64.rpm", + "name":"mpv-libs-devel-0.32.0-3.oe2203sp3.x86_64.rpm" + }, + "name":"mpv-libs-devel-0.32.0-3.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mpv-debugsource-0.32.0-3.oe2203sp3.x86_64.rpm", + "name":"mpv-debugsource-0.32.0-3.oe2203sp3.x86_64.rpm" + }, + "name":"mpv-debugsource-0.32.0-3.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mpv-libs-0.32.0-3.oe2203sp3.x86_64.rpm", + "name":"mpv-libs-0.32.0-3.oe2203sp3.x86_64.rpm" + }, + "name":"mpv-libs-0.32.0-3.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mpv-0.32.0-3.oe2203sp3.x86_64.rpm", + "name":"mpv-0.32.0-3.oe2203sp3.x86_64.rpm" + }, + "name":"mpv-0.32.0-3.oe2203sp3.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + 
"relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mpv-libs-devel-0.32.0-3.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mpv-libs-devel-0.32.0-3.oe2203sp3.aarch64", + "name":"mpv-libs-devel-0.32.0-3.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mpv-debugsource-0.32.0-3.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mpv-debugsource-0.32.0-3.oe2203sp3.aarch64", + "name":"mpv-debugsource-0.32.0-3.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mpv-libs-0.32.0-3.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mpv-libs-0.32.0-3.oe2203sp3.aarch64", + "name":"mpv-libs-0.32.0-3.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mpv-debuginfo-0.32.0-3.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mpv-debuginfo-0.32.0-3.oe2203sp3.aarch64", + "name":"mpv-debuginfo-0.32.0-3.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mpv-0.32.0-3.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mpv-0.32.0-3.oe2203sp3.aarch64", + "name":"mpv-0.32.0-3.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + 
"product_reference":"mpv-0.32.0-3.oe2203sp3.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mpv-0.32.0-3.oe2203sp3.src", + "name":"mpv-0.32.0-3.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mpv-debuginfo-0.32.0-3.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mpv-debuginfo-0.32.0-3.oe2203sp3.x86_64", + "name":"mpv-debuginfo-0.32.0-3.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mpv-libs-devel-0.32.0-3.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mpv-libs-devel-0.32.0-3.oe2203sp3.x86_64", + "name":"mpv-libs-devel-0.32.0-3.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mpv-debugsource-0.32.0-3.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mpv-debugsource-0.32.0-3.oe2203sp3.x86_64", + "name":"mpv-debugsource-0.32.0-3.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mpv-libs-0.32.0-3.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mpv-libs-0.32.0-3.oe2203sp3.x86_64", + "name":"mpv-libs-0.32.0-3.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mpv-0.32.0-3.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mpv-0.32.0-3.oe2203sp3.x86_64", + 
"name":"mpv-0.32.0-3.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2021-30145", + "notes":[ + { + "text":"A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:mpv-libs-devel-0.32.0-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mpv-debugsource-0.32.0-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mpv-libs-0.32.0-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mpv-debuginfo-0.32.0-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mpv-0.32.0-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mpv-0.32.0-3.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mpv-debuginfo-0.32.0-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mpv-libs-devel-0.32.0-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mpv-debugsource-0.32.0-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mpv-libs-0.32.0-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mpv-0.32.0-3.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:mpv-libs-devel-0.32.0-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mpv-debugsource-0.32.0-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mpv-libs-0.32.0-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mpv-debuginfo-0.32.0-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mpv-0.32.0-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mpv-0.32.0-3.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mpv-debuginfo-0.32.0-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mpv-libs-devel-0.32.0-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mpv-debugsource-0.32.0-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mpv-libs-0.32.0-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mpv-0.32.0-3.oe2203sp3.x86_64" + ], + "details":"mpv 
security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1929" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.8, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:mpv-libs-devel-0.32.0-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mpv-debugsource-0.32.0-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mpv-libs-0.32.0-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mpv-debuginfo-0.32.0-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mpv-0.32.0-3.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mpv-0.32.0-3.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mpv-debuginfo-0.32.0-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mpv-libs-devel-0.32.0-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mpv-debugsource-0.32.0-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mpv-libs-0.32.0-3.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mpv-0.32.0-3.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2021-30145" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1930.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1930.json new file mode 100644 index 0000000..a188d98 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1930.json 
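Review bot: The only vulnerability text in this file says mpv through 0.33.0 is affected, while `product_status.fixed` lists `mpv-0.32.0-3.oe2203sp3` packages and `remediations[0].details` says only `mpv security update`. A consumer comparing upstream version numbers would place the fixed build inside the affected range. The remediation text should state that the distribution build carries the fix, for example `"details":"Update to mpv-0.32.0-3.oe2203sp3 or later; this build carries the fix for CVE-2021-30145"`. This is presumably a backport; confirm against the package changelog before wording it that way.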
@@ -0,0 +1,448 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"mpv security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for mpv is now available for openEuler-22.03-LTS-SP4.", + "category":"general", + "title":"Summary" + }, + { + "text":"Mpv is a movie player based on MPlayer and mplayer2. It supports a wide variety of video file formats, audio and video codecs, and subtitle types. Special input URL types are available to read input from a variety of sources other than disk files. Depending on platform, a variety of different video and audio output methods are supported.\n\nSecurity Fix(es):\n\nA format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file.(CVE-2021-30145)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for mpv is now available for openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"mpv", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1930", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1930" + }, + { + "summary":"CVE-2021-30145", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-30145&packageName=mpv" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2021-30145" + }, + { + "summary":"openEuler-SA-2024-1930 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1930.json" + } + ], + "title":"An update for mpv is now available for openEuler-22.03-LTS-SP4", + "tracking":{ + "initial_release_date":"2024-08-02T19:42:05+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:42:05+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:31:05+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:31:05+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:31:05+08:00", + "id":"openEuler-SA-2024-1930", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + 
"product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"openEuler-22.03-LTS-SP4", + "name":"openEuler-22.03-LTS-SP4" + }, + "name":"openEuler-22.03-LTS-SP4", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mpv-debuginfo-0.32.0-3.oe2203sp4.aarch64.rpm", + "name":"mpv-debuginfo-0.32.0-3.oe2203sp4.aarch64.rpm" + }, + "name":"mpv-debuginfo-0.32.0-3.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mpv-0.32.0-3.oe2203sp4.aarch64.rpm", + "name":"mpv-0.32.0-3.oe2203sp4.aarch64.rpm" + }, + "name":"mpv-0.32.0-3.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mpv-libs-devel-0.32.0-3.oe2203sp4.aarch64.rpm", + "name":"mpv-libs-devel-0.32.0-3.oe2203sp4.aarch64.rpm" + }, + "name":"mpv-libs-devel-0.32.0-3.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mpv-libs-0.32.0-3.oe2203sp4.aarch64.rpm", + "name":"mpv-libs-0.32.0-3.oe2203sp4.aarch64.rpm" + }, + "name":"mpv-libs-0.32.0-3.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mpv-debugsource-0.32.0-3.oe2203sp4.aarch64.rpm", + "name":"mpv-debugsource-0.32.0-3.oe2203sp4.aarch64.rpm" + }, + "name":"mpv-debugsource-0.32.0-3.oe2203sp4.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + 
"product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mpv-0.32.0-3.oe2203sp4.src.rpm", + "name":"mpv-0.32.0-3.oe2203sp4.src.rpm" + }, + "name":"mpv-0.32.0-3.oe2203sp4.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mpv-debugsource-0.32.0-3.oe2203sp4.x86_64.rpm", + "name":"mpv-debugsource-0.32.0-3.oe2203sp4.x86_64.rpm" + }, + "name":"mpv-debugsource-0.32.0-3.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mpv-0.32.0-3.oe2203sp4.x86_64.rpm", + "name":"mpv-0.32.0-3.oe2203sp4.x86_64.rpm" + }, + "name":"mpv-0.32.0-3.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mpv-libs-devel-0.32.0-3.oe2203sp4.x86_64.rpm", + "name":"mpv-libs-devel-0.32.0-3.oe2203sp4.x86_64.rpm" + }, + "name":"mpv-libs-devel-0.32.0-3.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mpv-libs-0.32.0-3.oe2203sp4.x86_64.rpm", + "name":"mpv-libs-0.32.0-3.oe2203sp4.x86_64.rpm" + }, + "name":"mpv-libs-0.32.0-3.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mpv-debuginfo-0.32.0-3.oe2203sp4.x86_64.rpm", + "name":"mpv-debuginfo-0.32.0-3.oe2203sp4.x86_64.rpm" + }, + "name":"mpv-debuginfo-0.32.0-3.oe2203sp4.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + 
"relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mpv-debuginfo-0.32.0-3.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mpv-debuginfo-0.32.0-3.oe2203sp4.aarch64", + "name":"mpv-debuginfo-0.32.0-3.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mpv-0.32.0-3.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mpv-0.32.0-3.oe2203sp4.aarch64", + "name":"mpv-0.32.0-3.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mpv-libs-devel-0.32.0-3.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mpv-libs-devel-0.32.0-3.oe2203sp4.aarch64", + "name":"mpv-libs-devel-0.32.0-3.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mpv-libs-0.32.0-3.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mpv-libs-0.32.0-3.oe2203sp4.aarch64", + "name":"mpv-libs-0.32.0-3.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mpv-debugsource-0.32.0-3.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mpv-debugsource-0.32.0-3.oe2203sp4.aarch64", + "name":"mpv-debugsource-0.32.0-3.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + 
"product_reference":"mpv-0.32.0-3.oe2203sp4.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mpv-0.32.0-3.oe2203sp4.src", + "name":"mpv-0.32.0-3.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mpv-debugsource-0.32.0-3.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mpv-debugsource-0.32.0-3.oe2203sp4.x86_64", + "name":"mpv-debugsource-0.32.0-3.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mpv-0.32.0-3.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mpv-0.32.0-3.oe2203sp4.x86_64", + "name":"mpv-0.32.0-3.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mpv-libs-devel-0.32.0-3.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mpv-libs-devel-0.32.0-3.oe2203sp4.x86_64", + "name":"mpv-libs-devel-0.32.0-3.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mpv-libs-0.32.0-3.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mpv-libs-0.32.0-3.oe2203sp4.x86_64", + "name":"mpv-libs-0.32.0-3.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mpv-debuginfo-0.32.0-3.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mpv-debuginfo-0.32.0-3.oe2203sp4.x86_64", + 
"name":"mpv-debuginfo-0.32.0-3.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2021-30145", + "notes":[ + { + "text":"A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:mpv-debuginfo-0.32.0-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mpv-0.32.0-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mpv-libs-devel-0.32.0-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mpv-libs-0.32.0-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mpv-debugsource-0.32.0-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mpv-0.32.0-3.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:mpv-debugsource-0.32.0-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mpv-0.32.0-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mpv-libs-devel-0.32.0-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mpv-libs-0.32.0-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mpv-debuginfo-0.32.0-3.oe2203sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:mpv-debuginfo-0.32.0-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mpv-0.32.0-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mpv-libs-devel-0.32.0-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mpv-libs-0.32.0-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mpv-debugsource-0.32.0-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mpv-0.32.0-3.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:mpv-debugsource-0.32.0-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mpv-0.32.0-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mpv-libs-devel-0.32.0-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mpv-libs-0.32.0-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mpv-debuginfo-0.32.0-3.oe2203sp4.x86_64" + ], + 
"details":"mpv security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1930" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.8, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:mpv-debuginfo-0.32.0-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mpv-0.32.0-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mpv-libs-devel-0.32.0-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mpv-libs-0.32.0-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mpv-debugsource-0.32.0-3.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mpv-0.32.0-3.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:mpv-debugsource-0.32.0-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mpv-0.32.0-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mpv-libs-devel-0.32.0-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mpv-libs-0.32.0-3.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mpv-debuginfo-0.32.0-3.oe2203sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2021-30145" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1931.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1931.json new file mode 100644 index 0000000..107b9c9 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1931.json 
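Review bot: The `distribution.tlp.url` value in the new csaf-openEuler-SA-2024-1930.json is `https:/www.first.org/tlp/`, with a single slash after the scheme, so it does not reference the FIRST TLP definition on www.first.org that this field is meant to point at; it should read `"url":"https://www.first.org/tlp/"`. The same value appears in the `document` section of csaf-openEuler-SA-2024-1931.json in the next hunk. Because `tracking.generator` names `openEuler CSAF Tool V1.0`, the fix presumably belongs in that tool's template rather than in each advisory. Separately, every RPM branch under `product_tree` carries the distribution-level `cpe:/a:openEuler:openEuler:22.03-LTS-SP4` as its `product_identification_helper`, so a consumer matching on CPE cannot tell the individual mpv packages from the OS release. A package-level identifier such as a `purl` helper on those branches would make automated matching against installed RPMs reliable.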
@@ -0,0 +1,716 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"python-setuptools security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for python-setuptools is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4 and openEuler-24.03-LTS.", + "category":"general", + "title":"Summary" + }, + { + "text":"Setuptools is a collection of enhancements to the Python distutils that allow you to more easily build and distribute Python packages, especially ones that have dependencies on other packages.\n\nSecurity Fix(es):\n\nA vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.(CVE-2024-6345)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for python-setuptools is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4 and openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of high. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"python-setuptools", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1931", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1931" + }, + { + "summary":"CVE-2024-6345", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-6345&packageName=python-setuptools" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6345" + }, + { + "summary":"openEuler-SA-2024-1931 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1931.json" + } + ], + "title":"An update for python-setuptools is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4 and openEuler-24.03-LTS", + "tracking":{ + "initial_release_date":"2024-08-02T19:42:06+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:42:06+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:31:06+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:31:06+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:31:06+08:00", + "id":"openEuler-SA-2024-1931", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + 
"branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"openEuler-20.03-LTS-SP4", + "name":"openEuler-20.03-LTS-SP4" + }, + "name":"openEuler-20.03-LTS-SP4", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"openEuler-22.03-LTS-SP1", + "name":"openEuler-22.03-LTS-SP1" + }, + "name":"openEuler-22.03-LTS-SP1", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openEuler-22.03-LTS-SP3", + "name":"openEuler-22.03-LTS-SP3" + }, + "name":"openEuler-22.03-LTS-SP3", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"openEuler-22.03-LTS-SP4", + "name":"openEuler-22.03-LTS-SP4" + }, + "name":"openEuler-22.03-LTS-SP4", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openEuler-24.03-LTS", + "name":"openEuler-24.03-LTS" + }, + "name":"openEuler-24.03-LTS", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"noarch", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"python-setuptools-44.1.1-3.oe2003sp4.noarch.rpm", + "name":"python-setuptools-44.1.1-3.oe2003sp4.noarch.rpm" + }, + "name":"python-setuptools-44.1.1-3.oe2003sp4.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + 
"product_id":"python3-setuptools-44.1.1-3.oe2003sp4.noarch.rpm", + "name":"python3-setuptools-44.1.1-3.oe2003sp4.noarch.rpm" + }, + "name":"python3-setuptools-44.1.1-3.oe2003sp4.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"python2-setuptools-44.1.1-3.oe2003sp4.noarch.rpm", + "name":"python2-setuptools-44.1.1-3.oe2003sp4.noarch.rpm" + }, + "name":"python2-setuptools-44.1.1-3.oe2003sp4.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"python-setuptools-help-44.1.1-3.oe2003sp4.noarch.rpm", + "name":"python-setuptools-help-44.1.1-3.oe2003sp4.noarch.rpm" + }, + "name":"python-setuptools-help-44.1.1-3.oe2003sp4.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"python3-setuptools-59.4.0-6.oe2203sp1.noarch.rpm", + "name":"python3-setuptools-59.4.0-6.oe2203sp1.noarch.rpm" + }, + "name":"python3-setuptools-59.4.0-6.oe2203sp1.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"python-setuptools-59.4.0-6.oe2203sp1.noarch.rpm", + "name":"python-setuptools-59.4.0-6.oe2203sp1.noarch.rpm" + }, + "name":"python-setuptools-59.4.0-6.oe2203sp1.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"python-setuptools-help-59.4.0-6.oe2203sp1.noarch.rpm", + "name":"python-setuptools-help-59.4.0-6.oe2203sp1.noarch.rpm" + }, + "name":"python-setuptools-help-59.4.0-6.oe2203sp1.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"python3-setuptools-59.4.0-6.oe2203sp3.noarch.rpm", + "name":"python3-setuptools-59.4.0-6.oe2203sp3.noarch.rpm" + }, + "name":"python3-setuptools-59.4.0-6.oe2203sp3.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"python-setuptools-help-59.4.0-6.oe2203sp3.noarch.rpm", + "name":"python-setuptools-help-59.4.0-6.oe2203sp3.noarch.rpm" + }, + "name":"python-setuptools-help-59.4.0-6.oe2203sp3.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"python-setuptools-59.4.0-6.oe2203sp3.noarch.rpm", + "name":"python-setuptools-59.4.0-6.oe2203sp3.noarch.rpm" + }, + "name":"python-setuptools-59.4.0-6.oe2203sp3.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"python3-setuptools-59.4.0-6.oe2203sp4.noarch.rpm", + "name":"python3-setuptools-59.4.0-6.oe2203sp4.noarch.rpm" + }, + "name":"python3-setuptools-59.4.0-6.oe2203sp4.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"python-setuptools-59.4.0-6.oe2203sp4.noarch.rpm", + "name":"python-setuptools-59.4.0-6.oe2203sp4.noarch.rpm" + }, + "name":"python-setuptools-59.4.0-6.oe2203sp4.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"python-setuptools-help-59.4.0-6.oe2203sp4.noarch.rpm", + "name":"python-setuptools-help-59.4.0-6.oe2203sp4.noarch.rpm" + }, + "name":"python-setuptools-help-59.4.0-6.oe2203sp4.noarch.rpm", + "category":"product_version" + }, + { 
+ "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-setuptools-68.0.0-2.oe2403.noarch.rpm", + "name":"python3-setuptools-68.0.0-2.oe2403.noarch.rpm" + }, + "name":"python3-setuptools-68.0.0-2.oe2403.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python-setuptools-68.0.0-2.oe2403.noarch.rpm", + "name":"python-setuptools-68.0.0-2.oe2403.noarch.rpm" + }, + "name":"python-setuptools-68.0.0-2.oe2403.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python-setuptools-help-68.0.0-2.oe2403.noarch.rpm", + "name":"python-setuptools-help-68.0.0-2.oe2403.noarch.rpm" + }, + "name":"python-setuptools-help-68.0.0-2.oe2403.noarch.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"python-setuptools-44.1.1-3.oe2003sp4.src.rpm", + "name":"python-setuptools-44.1.1-3.oe2003sp4.src.rpm" + }, + "name":"python-setuptools-44.1.1-3.oe2003sp4.src.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"python-setuptools-59.4.0-6.oe2203sp1.src.rpm", + "name":"python-setuptools-59.4.0-6.oe2203sp1.src.rpm" + }, + "name":"python-setuptools-59.4.0-6.oe2203sp1.src.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"python-setuptools-59.4.0-6.oe2203sp3.src.rpm", + "name":"python-setuptools-59.4.0-6.oe2203sp3.src.rpm" + }, + "name":"python-setuptools-59.4.0-6.oe2203sp3.src.rpm", 
+ "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"python-setuptools-59.4.0-6.oe2203sp4.src.rpm", + "name":"python-setuptools-59.4.0-6.oe2203sp4.src.rpm" + }, + "name":"python-setuptools-59.4.0-6.oe2203sp4.src.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python-setuptools-68.0.0-2.oe2403.src.rpm", + "name":"python-setuptools-68.0.0-2.oe2403.src.rpm" + }, + "name":"python-setuptools-68.0.0-2.oe2403.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"python-setuptools-44.1.1-3.oe2003sp4.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:python-setuptools-44.1.1-3.oe2003sp4.noarch", + "name":"python-setuptools-44.1.1-3.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"python3-setuptools-44.1.1-3.oe2003sp4.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:python3-setuptools-44.1.1-3.oe2003sp4.noarch", + "name":"python3-setuptools-44.1.1-3.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"python2-setuptools-44.1.1-3.oe2003sp4.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:python2-setuptools-44.1.1-3.oe2003sp4.noarch", + "name":"python2-setuptools-44.1.1-3.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + 
"product_reference":"python-setuptools-help-44.1.1-3.oe2003sp4.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:python-setuptools-help-44.1.1-3.oe2003sp4.noarch", + "name":"python-setuptools-help-44.1.1-3.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"python3-setuptools-59.4.0-6.oe2203sp1.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:python3-setuptools-59.4.0-6.oe2203sp1.noarch", + "name":"python3-setuptools-59.4.0-6.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"python-setuptools-59.4.0-6.oe2203sp1.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:python-setuptools-59.4.0-6.oe2203sp1.noarch", + "name":"python-setuptools-59.4.0-6.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"python-setuptools-help-59.4.0-6.oe2203sp1.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:python-setuptools-help-59.4.0-6.oe2203sp1.noarch", + "name":"python-setuptools-help-59.4.0-6.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"python3-setuptools-59.4.0-6.oe2203sp3.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:python3-setuptools-59.4.0-6.oe2203sp3.noarch", + "name":"python3-setuptools-59.4.0-6.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + 
"product_reference":"python-setuptools-help-59.4.0-6.oe2203sp3.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:python-setuptools-help-59.4.0-6.oe2203sp3.noarch", + "name":"python-setuptools-help-59.4.0-6.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"python-setuptools-59.4.0-6.oe2203sp3.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:python-setuptools-59.4.0-6.oe2203sp3.noarch", + "name":"python-setuptools-59.4.0-6.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"python3-setuptools-59.4.0-6.oe2203sp4.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:python3-setuptools-59.4.0-6.oe2203sp4.noarch", + "name":"python3-setuptools-59.4.0-6.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"python-setuptools-59.4.0-6.oe2203sp4.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:python-setuptools-59.4.0-6.oe2203sp4.noarch", + "name":"python-setuptools-59.4.0-6.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"python-setuptools-help-59.4.0-6.oe2203sp4.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:python-setuptools-help-59.4.0-6.oe2203sp4.noarch", + "name":"python-setuptools-help-59.4.0-6.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + 
"product_reference":"python3-setuptools-68.0.0-2.oe2403.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-setuptools-68.0.0-2.oe2403.noarch", + "name":"python3-setuptools-68.0.0-2.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python-setuptools-68.0.0-2.oe2403.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python-setuptools-68.0.0-2.oe2403.noarch", + "name":"python-setuptools-68.0.0-2.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python-setuptools-help-68.0.0-2.oe2403.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python-setuptools-help-68.0.0-2.oe2403.noarch", + "name":"python-setuptools-help-68.0.0-2.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"python-setuptools-44.1.1-3.oe2003sp4.src.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:python-setuptools-44.1.1-3.oe2003sp4.src", + "name":"python-setuptools-44.1.1-3.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"python-setuptools-59.4.0-6.oe2203sp1.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:python-setuptools-59.4.0-6.oe2203sp1.src", + "name":"python-setuptools-59.4.0-6.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"python-setuptools-59.4.0-6.oe2203sp3.src.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP3:python-setuptools-59.4.0-6.oe2203sp3.src", + "name":"python-setuptools-59.4.0-6.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"python-setuptools-59.4.0-6.oe2203sp4.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:python-setuptools-59.4.0-6.oe2203sp4.src", + "name":"python-setuptools-59.4.0-6.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python-setuptools-68.0.0-2.oe2403.src.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python-setuptools-68.0.0-2.oe2403.src", + "name":"python-setuptools-68.0.0-2.oe2403.src as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-6345", + "notes":[ + { + "text":"A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. 
The issue is fixed in version 70.0.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:python-setuptools-44.1.1-3.oe2003sp4.noarch", + "openEuler-20.03-LTS-SP4:python3-setuptools-44.1.1-3.oe2003sp4.noarch", + "openEuler-20.03-LTS-SP4:python2-setuptools-44.1.1-3.oe2003sp4.noarch", + "openEuler-20.03-LTS-SP4:python-setuptools-help-44.1.1-3.oe2003sp4.noarch", + "openEuler-22.03-LTS-SP1:python3-setuptools-59.4.0-6.oe2203sp1.noarch", + "openEuler-22.03-LTS-SP1:python-setuptools-59.4.0-6.oe2203sp1.noarch", + "openEuler-22.03-LTS-SP1:python-setuptools-help-59.4.0-6.oe2203sp1.noarch", + "openEuler-22.03-LTS-SP3:python3-setuptools-59.4.0-6.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:python-setuptools-help-59.4.0-6.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:python-setuptools-59.4.0-6.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP4:python3-setuptools-59.4.0-6.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP4:python-setuptools-59.4.0-6.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP4:python-setuptools-help-59.4.0-6.oe2203sp4.noarch", + "openEuler-24.03-LTS:python3-setuptools-68.0.0-2.oe2403.noarch", + "openEuler-24.03-LTS:python-setuptools-68.0.0-2.oe2403.noarch", + "openEuler-24.03-LTS:python-setuptools-help-68.0.0-2.oe2403.noarch", + "openEuler-20.03-LTS-SP4:python-setuptools-44.1.1-3.oe2003sp4.src", + "openEuler-22.03-LTS-SP1:python-setuptools-59.4.0-6.oe2203sp1.src", + "openEuler-22.03-LTS-SP3:python-setuptools-59.4.0-6.oe2203sp3.src", + "openEuler-22.03-LTS-SP4:python-setuptools-59.4.0-6.oe2203sp4.src", + "openEuler-24.03-LTS:python-setuptools-68.0.0-2.oe2403.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:python-setuptools-44.1.1-3.oe2003sp4.noarch", + "openEuler-20.03-LTS-SP4:python3-setuptools-44.1.1-3.oe2003sp4.noarch", + "openEuler-20.03-LTS-SP4:python2-setuptools-44.1.1-3.oe2003sp4.noarch", + 
"openEuler-20.03-LTS-SP4:python-setuptools-help-44.1.1-3.oe2003sp4.noarch", + "openEuler-22.03-LTS-SP1:python3-setuptools-59.4.0-6.oe2203sp1.noarch", + "openEuler-22.03-LTS-SP1:python-setuptools-59.4.0-6.oe2203sp1.noarch", + "openEuler-22.03-LTS-SP1:python-setuptools-help-59.4.0-6.oe2203sp1.noarch", + "openEuler-22.03-LTS-SP3:python3-setuptools-59.4.0-6.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:python-setuptools-help-59.4.0-6.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:python-setuptools-59.4.0-6.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP4:python3-setuptools-59.4.0-6.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP4:python-setuptools-59.4.0-6.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP4:python-setuptools-help-59.4.0-6.oe2203sp4.noarch", + "openEuler-24.03-LTS:python3-setuptools-68.0.0-2.oe2403.noarch", + "openEuler-24.03-LTS:python-setuptools-68.0.0-2.oe2403.noarch", + "openEuler-24.03-LTS:python-setuptools-help-68.0.0-2.oe2403.noarch", + "openEuler-20.03-LTS-SP4:python-setuptools-44.1.1-3.oe2003sp4.src", + "openEuler-22.03-LTS-SP1:python-setuptools-59.4.0-6.oe2203sp1.src", + "openEuler-22.03-LTS-SP3:python-setuptools-59.4.0-6.oe2203sp3.src", + "openEuler-22.03-LTS-SP4:python-setuptools-59.4.0-6.oe2203sp4.src", + "openEuler-24.03-LTS:python-setuptools-68.0.0-2.oe2403.src" + ], + "details":"python-setuptools security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1931" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":8.8, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:python-setuptools-44.1.1-3.oe2003sp4.noarch", + "openEuler-20.03-LTS-SP4:python3-setuptools-44.1.1-3.oe2003sp4.noarch", + "openEuler-20.03-LTS-SP4:python2-setuptools-44.1.1-3.oe2003sp4.noarch", + "openEuler-20.03-LTS-SP4:python-setuptools-help-44.1.1-3.oe2003sp4.noarch", + 
"openEuler-22.03-LTS-SP1:python3-setuptools-59.4.0-6.oe2203sp1.noarch", + "openEuler-22.03-LTS-SP1:python-setuptools-59.4.0-6.oe2203sp1.noarch", + "openEuler-22.03-LTS-SP1:python-setuptools-help-59.4.0-6.oe2203sp1.noarch", + "openEuler-22.03-LTS-SP3:python3-setuptools-59.4.0-6.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:python-setuptools-help-59.4.0-6.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:python-setuptools-59.4.0-6.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP4:python3-setuptools-59.4.0-6.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP4:python-setuptools-59.4.0-6.oe2203sp4.noarch", + "openEuler-22.03-LTS-SP4:python-setuptools-help-59.4.0-6.oe2203sp4.noarch", + "openEuler-24.03-LTS:python3-setuptools-68.0.0-2.oe2403.noarch", + "openEuler-24.03-LTS:python-setuptools-68.0.0-2.oe2403.noarch", + "openEuler-24.03-LTS:python-setuptools-help-68.0.0-2.oe2403.noarch", + "openEuler-20.03-LTS-SP4:python-setuptools-44.1.1-3.oe2003sp4.src", + "openEuler-22.03-LTS-SP1:python-setuptools-59.4.0-6.oe2203sp1.src", + "openEuler-22.03-LTS-SP3:python-setuptools-59.4.0-6.oe2203sp3.src", + "openEuler-22.03-LTS-SP4:python-setuptools-59.4.0-6.oe2203sp4.src", + "openEuler-24.03-LTS:python-setuptools-68.0.0-2.oe2403.src" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2024-6345" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1932.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1932.json new file mode 100644 index 0000000..a906ad8 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1932.json 
@@ -0,0 +1,1692 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"mysql security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for mysql is now available for openEuler-22.03-LTS-SP3.", + "category":"general", + "title":"Summary" + }, + { + "text":"The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of Oracle and/or its affiliates\n\nSecurity Fix(es):\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21127)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21130)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).(CVE-2024-21134)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21157)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21160)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.37 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21165)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H).(CVE-2024-21166)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21177)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21179)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for mysql is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"mysql", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1932", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1932" + }, + { + "summary":"CVE-2024-21127", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21127&packageName=mysql" + }, + { + "summary":"CVE-2024-21130", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21130&packageName=mysql" + }, + { + "summary":"CVE-2024-21134", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21134&packageName=mysql" + }, + { + "summary":"CVE-2024-21157", + "category":"self", + 
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21157&packageName=mysql" + }, + { + "summary":"CVE-2024-21160", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21160&packageName=mysql" + }, + { + "summary":"CVE-2024-21165", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21165&packageName=mysql" + }, + { + "summary":"CVE-2024-21166", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21166&packageName=mysql" + }, + { + "summary":"CVE-2024-21177", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21177&packageName=mysql" + }, + { + "summary":"CVE-2024-21179", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21179&packageName=mysql" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21127" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21130" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21134" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21157" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21160" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21165" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21166" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21177" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21179" + }, + { + "summary":"openEuler-SA-2024-1932 vex file", + 
"category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1932.json" + } + ], + "title":"An update for mysql is now available for openEuler-22.03-LTS-SP3", + "tracking":{ + "initial_release_date":"2024-08-02T19:42:08+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:42:08+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:31:08+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:31:08+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:31:08+08:00", + "id":"openEuler-SA-2024-1932", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openEuler-22.03-LTS-SP3", + "name":"openEuler-22.03-LTS-SP3" + }, + "name":"openEuler-22.03-LTS-SP3", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-common-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-common-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-common-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + 
"product_id":"mysql-debugsource-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-debugsource-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-debugsource-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-help-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-help-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-help-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-test-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-test-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-test-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-libs-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-libs-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-libs-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-devel-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-devel-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-devel-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-server-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-server-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-server-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-config-8.0.38-1.oe2203sp3.aarch64.rpm", + 
"name":"mysql-config-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-config-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-errmsg-8.0.38-1.oe2203sp3.aarch64.rpm", + "name":"mysql-errmsg-8.0.38-1.oe2203sp3.aarch64.rpm" + }, + "name":"mysql-errmsg-8.0.38-1.oe2203sp3.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-8.0.38-1.oe2203sp3.src.rpm", + "name":"mysql-8.0.38-1.oe2203sp3.src.rpm" + }, + "name":"mysql-8.0.38-1.oe2203sp3.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-debugsource-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-debugsource-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-debugsource-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-devel-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-devel-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-devel-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + 
"product_id":"mysql-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-config-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-config-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-config-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-libs-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-libs-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-libs-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-help-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-help-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-help-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-common-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-common-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-common-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-test-8.0.38-1.oe2203sp3.x86_64.rpm", + 
"name":"mysql-test-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-test-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-server-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-server-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-server-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"mysql-errmsg-8.0.38-1.oe2203sp3.x86_64.rpm", + "name":"mysql-errmsg-8.0.38-1.oe2203sp3.x86_64.rpm" + }, + "name":"mysql-errmsg-8.0.38-1.oe2203sp3.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-common-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-common-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-debugsource-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-debugsource-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + 
"category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-help-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-help-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-test-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-test-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-libs-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-libs-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-devel-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-devel-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-server-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-server-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + 
"product_reference":"mysql-config-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-config-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-errmsg-8.0.38-1.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "name":"mysql-errmsg-8.0.38-1.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-8.0.38-1.oe2203sp3.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "name":"mysql-8.0.38-1.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-debugsource-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-debugsource-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-devel-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-devel-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-config-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-config-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-libs-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-libs-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-help-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-help-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64 as a component of 
openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-common-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-common-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-test-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-test-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-server-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-server-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"mysql-errmsg-8.0.38-1.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64", + "name":"mysql-errmsg-8.0.38-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-21127", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + 
"openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1932" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21127" + }, + { + "cve":"CVE-2024-21130", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + 
"openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1932" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21130" + }, + { + "cve":"CVE-2024-21134", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + 
"openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1932" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.3, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21134" + }, + { + "cve":"CVE-2024-21157", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + 
"openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1932" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21157" + }, + { + "cve":"CVE-2024-21160", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + 
"openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1932" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21160" + }, + { + "cve":"CVE-2024-21165", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.37 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + 
"openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1932" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21165" + }, + { + "cve":"CVE-2024-21166", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1932" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.9, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", + 
"version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21166" + }, + { + "cve":"CVE-2024-21177", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1932" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.5, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + 
"version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21177" + }, + { + "cve":"CVE-2024-21179", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1932" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + 
"version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:mysql-debugsource-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-devel-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-config-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-libs-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-help-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-common-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-test-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-server-8.0.38-1.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:mysql-errmsg-8.0.38-1.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21179" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1933.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1933.json new file mode 100644 index 0000000..ed42aa9 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1933.json 
@@ -0,0 +1,1329 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"mysql security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for mysql is now available for openEuler-22.03-LTS-SP4.", + "category":"general", + "title":"Summary" + }, + { + "text":"The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of Oracle and/or its affiliates\n\nSecurity Fix(es):\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21127)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21130)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).(CVE-2024-21134)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.37 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21165)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21177)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21179)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for mysql is now available for openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"mysql", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1933", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1933" + }, + { + "summary":"CVE-2024-21127", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21127&packageName=mysql" + }, + { + "summary":"CVE-2024-21130", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21130&packageName=mysql" + }, + { + "summary":"CVE-2024-21134", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21134&packageName=mysql" + }, + { + "summary":"CVE-2024-21165", + "category":"self", + 
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21165&packageName=mysql" + }, + { + "summary":"CVE-2024-21177", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21177&packageName=mysql" + }, + { + "summary":"CVE-2024-21179", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21179&packageName=mysql" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21127" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21130" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21134" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21165" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21177" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21179" + }, + { + "summary":"openEuler-SA-2024-1933 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1933.json" + } + ], + "title":"An update for mysql is now available for openEuler-22.03-LTS-SP4", + "tracking":{ + "initial_release_date":"2024-08-02T19:42:09+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:42:09+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:31:09+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:31:09+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:31:09+08:00", + "id":"openEuler-SA-2024-1933", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + 
"name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"openEuler-22.03-LTS-SP4", + "name":"openEuler-22.03-LTS-SP4" + }, + "name":"openEuler-22.03-LTS-SP4", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-errmsg-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-errmsg-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-errmsg-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-server-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-server-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-server-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-common-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-common-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-common-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-config-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-config-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-config-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + 
"product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-help-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-help-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-help-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-devel-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-devel-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-devel-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-libs-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-libs-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-libs-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-test-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-test-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-test-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-debugsource-8.0.38-1.oe2203sp4.aarch64.rpm", + "name":"mysql-debugsource-8.0.38-1.oe2203sp4.aarch64.rpm" + }, + "name":"mysql-debugsource-8.0.38-1.oe2203sp4.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ 
+ { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-8.0.38-1.oe2203sp4.src.rpm", + "name":"mysql-8.0.38-1.oe2203sp4.src.rpm" + }, + "name":"mysql-8.0.38-1.oe2203sp4.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-help-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-help-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-help-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-test-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-test-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-test-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-server-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-server-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-server-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-debugsource-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-debugsource-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-debugsource-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + 
"product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-errmsg-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-errmsg-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-errmsg-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-config-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-config-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-config-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-common-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-common-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-common-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-libs-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-libs-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-libs-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" + }, + "product_id":"mysql-devel-8.0.38-1.oe2203sp4.x86_64.rpm", + "name":"mysql-devel-8.0.38-1.oe2203sp4.x86_64.rpm" + }, + "name":"mysql-devel-8.0.38-1.oe2203sp4.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + 
"relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-errmsg-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-errmsg-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-server-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-server-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-common-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-common-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-config-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-config-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-help-8.0.38-1.oe2203sp4.aarch64.rpm", + 
"full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-help-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-devel-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-devel-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-libs-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-libs-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-test-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "name":"mysql-test-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-debugsource-8.0.38-1.oe2203sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + 
"name":"mysql-debugsource-8.0.38-1.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-8.0.38-1.oe2203sp4.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src", + "name":"mysql-8.0.38-1.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-help-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-help-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-test-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-test-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-server-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-server-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-debugsource-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-debugsource-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-errmsg-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-errmsg-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-config-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-config-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-common-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-common-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-libs-8.0.38-1.oe2203sp4.x86_64.rpm", + 
"full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-libs-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP4", + "product_reference":"mysql-devel-8.0.38-1.oe2203sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64", + "name":"mysql-devel-8.0.38-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-21127", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1933" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21127" + }, + { + "cve":"CVE-2024-21130", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1933" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21130" + }, + { + "cve":"CVE-2024-21134", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.3 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1933" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.3, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21134" + }, + { + "cve":"CVE-2024-21165", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.37 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1933" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21165" + }, + { + "cve":"CVE-2024-21177", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1933" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.5, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21177" + }, + { + "cve":"CVE-2024-21179", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1933" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.aarch64", + 
"openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.aarch64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.src", + "openEuler-22.03-LTS-SP4:mysql-help-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-test-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-server-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-debugsource-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-errmsg-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-config-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-common-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-libs-8.0.38-1.oe2203sp4.x86_64", + "openEuler-22.03-LTS-SP4:mysql-devel-8.0.38-1.oe2203sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21179" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1934.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1934.json new file mode 100644 index 0000000..e2eae3b --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1934.json 
@@ -0,0 +1,1813 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"mysql security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for mysql is now available for openEuler-24.03-LTS.", + "category":"general", + "title":"Summary" + }, + { + "text":"The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of Oracle and/or its affiliates\n\nSecurity Fix(es):\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21127)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21130)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).(CVE-2024-21134)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21137)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21157)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21160)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.37 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21165)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H).(CVE-2024-21166)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21177)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21179)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for mysql is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of medium. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"mysql", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1934", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1934" + }, + { + "summary":"CVE-2024-21127", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21127&packageName=mysql" + }, + { + "summary":"CVE-2024-21130", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21130&packageName=mysql" + }, + { + "summary":"CVE-2024-21134", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21134&packageName=mysql" + }, + { + "summary":"CVE-2024-21137", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21137&packageName=mysql" + }, + { + "summary":"CVE-2024-21157", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21157&packageName=mysql" + }, + { + "summary":"CVE-2024-21160", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21160&packageName=mysql" + }, + { + "summary":"CVE-2024-21165", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21165&packageName=mysql" + }, + { + "summary":"CVE-2024-21166", + "category":"self", + 
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21166&packageName=mysql" + }, + { + "summary":"CVE-2024-21177", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21177&packageName=mysql" + }, + { + "summary":"CVE-2024-21179", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21179&packageName=mysql" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21127" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21130" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21134" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21137" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21157" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21160" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21165" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21166" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21177" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21179" + }, + { + "summary":"openEuler-SA-2024-1934 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1934.json" + } + ], + "title":"An update for mysql is now available for openEuler-24.03-LTS", + "tracking":{ + "initial_release_date":"2024-08-02T19:42:11+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:42:11+08:00", + "summary":"Initial", + 
"number":"1.0.0" + }, + { + "date":"2024-08-05T11:31:11+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:31:11+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:31:11+08:00", + "id":"openEuler-SA-2024-1934", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openEuler-24.03-LTS", + "name":"openEuler-24.03-LTS" + }, + "name":"openEuler-24.03-LTS", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-config-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-config-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-config-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-devel-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-devel-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-devel-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-server-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-server-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-server-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-errmsg-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-errmsg-8.0.38-1.oe2403.aarch64.rpm" + }, + 
"name":"mysql-errmsg-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-common-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-common-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-common-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-help-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-help-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-help-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-test-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-test-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-test-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-debuginfo-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-debuginfo-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-debuginfo-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-debugsource-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-debugsource-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-debugsource-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-libs-8.0.38-1.oe2403.aarch64.rpm", + "name":"mysql-libs-8.0.38-1.oe2403.aarch64.rpm" + }, + "name":"mysql-libs-8.0.38-1.oe2403.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-8.0.38-1.oe2403.src.rpm", + "name":"mysql-8.0.38-1.oe2403.src.rpm" + }, + "name":"mysql-8.0.38-1.oe2403.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-config-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-config-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-config-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-help-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-help-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-help-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-test-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-test-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-test-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + 
"product_id":"mysql-common-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-common-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-common-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-debugsource-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-debugsource-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-debugsource-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-server-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-server-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-server-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-devel-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-devel-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-devel-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-debuginfo-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-debuginfo-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-debuginfo-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-libs-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-libs-8.0.38-1.oe2403.x86_64.rpm" + }, + "name":"mysql-libs-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"mysql-errmsg-8.0.38-1.oe2403.x86_64.rpm", + "name":"mysql-errmsg-8.0.38-1.oe2403.x86_64.rpm" + }, + 
"name":"mysql-errmsg-8.0.38-1.oe2403.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-config-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "name":"mysql-config-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-devel-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "name":"mysql-devel-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-server-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "name":"mysql-server-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-errmsg-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "name":"mysql-errmsg-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-common-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "name":"mysql-common-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + 
"product_reference":"mysql-help-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "name":"mysql-help-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-test-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "name":"mysql-test-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-debuginfo-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "name":"mysql-debuginfo-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "name":"mysql-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-debugsource-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "name":"mysql-debugsource-8.0.38-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-libs-8.0.38-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "name":"mysql-libs-8.0.38-1.oe2403.aarch64 as a component of 
openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-8.0.38-1.oe2403.src.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "name":"mysql-8.0.38-1.oe2403.src as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-config-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "name":"mysql-config-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "name":"mysql-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-help-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "name":"mysql-help-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-test-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "name":"mysql-test-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-common-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + 
"name":"mysql-common-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-debugsource-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "name":"mysql-debugsource-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-server-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "name":"mysql-server-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-devel-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "name":"mysql-devel-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-debuginfo-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "name":"mysql-debuginfo-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"mysql-libs-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "name":"mysql-libs-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + 
"product_reference":"mysql-errmsg-8.0.38-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64", + "name":"mysql-errmsg-8.0.38-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-21127", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + 
"openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + 
"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1934" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21127" + }, + { + "cve":"CVE-2024-21130", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). 
Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ] + }, + 
"remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1934" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21130" + }, + { + "cve":"CVE-2024-21134", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.3 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1934" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.3, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21134" + }, + { + "cve":"CVE-2024-21137", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1934" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21137" + }, + { + "cve":"CVE-2024-21157", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1934" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21157" + }, + { + "cve":"CVE-2024-21160", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1934" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21160" + }, + { + "cve":"CVE-2024-21165", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.37 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1934" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21165" + }, + { + "cve":"CVE-2024-21166", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1934" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.9, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21166" + }, + { + "cve":"CVE-2024-21177", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1934" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.5, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21177" + }, + { + "cve":"CVE-2024-21179", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src", + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1934" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.aarch64", + "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.aarch64", + 
"openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.aarch64",
+ "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.src",
+ "openEuler-24.03-LTS:mysql-config-8.0.38-1.oe2403.x86_64",
+ "openEuler-24.03-LTS:mysql-8.0.38-1.oe2403.x86_64",
+ "openEuler-24.03-LTS:mysql-help-8.0.38-1.oe2403.x86_64",
+ "openEuler-24.03-LTS:mysql-test-8.0.38-1.oe2403.x86_64",
+ "openEuler-24.03-LTS:mysql-common-8.0.38-1.oe2403.x86_64",
+ "openEuler-24.03-LTS:mysql-debugsource-8.0.38-1.oe2403.x86_64",
+ "openEuler-24.03-LTS:mysql-server-8.0.38-1.oe2403.x86_64",
+ "openEuler-24.03-LTS:mysql-devel-8.0.38-1.oe2403.x86_64",
+ "openEuler-24.03-LTS:mysql-debuginfo-8.0.38-1.oe2403.x86_64",
+ "openEuler-24.03-LTS:mysql-libs-8.0.38-1.oe2403.x86_64",
+ "openEuler-24.03-LTS:mysql-errmsg-8.0.38-1.oe2403.x86_64"
+ ]
+ }
+ ],
+ "threats":[
+ {
+ "details":"Medium",
+ "category":"impact"
+ }
+ ],
+ "title":"CVE-2024-21179"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1935.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1935.json
new file mode 100644
index 0000000..eafd6d2
--- /dev/null
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1935.json
@@ -0,0 +1,1692 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"mysql security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for mysql is now available for openEuler-22.03-LTS-SP1.", + "category":"general", + "title":"Summary" + }, + { + "text":"The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of Oracle and/or its affiliates\n\nSecurity Fix(es):\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21127)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21130)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).(CVE-2024-21134)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21157)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21160)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.37 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21165)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H).(CVE-2024-21166)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21177)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21179)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for mysql is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"mysql", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1935", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1935" + }, + { + "summary":"CVE-2024-21127", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21127&packageName=mysql" + }, + { + "summary":"CVE-2024-21130", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21130&packageName=mysql" + }, + { + "summary":"CVE-2024-21134", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21134&packageName=mysql" + }, + { + "summary":"CVE-2024-21157", + "category":"self", + 
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21157&packageName=mysql" + }, + { + "summary":"CVE-2024-21160", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21160&packageName=mysql" + }, + { + "summary":"CVE-2024-21165", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21165&packageName=mysql" + }, + { + "summary":"CVE-2024-21166", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21166&packageName=mysql" + }, + { + "summary":"CVE-2024-21177", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21177&packageName=mysql" + }, + { + "summary":"CVE-2024-21179", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21179&packageName=mysql" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21127" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21130" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21134" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21157" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21160" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21165" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21166" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21177" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21179" + }, + { + "summary":"openEuler-SA-2024-1935 vex file", + 
"category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1935.json" + } + ], + "title":"An update for mysql is now available for openEuler-22.03-LTS-SP1", + "tracking":{ + "initial_release_date":"2024-08-02T19:42:12+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:42:12+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:31:12+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:31:12+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:31:12+08:00", + "id":"openEuler-SA-2024-1935", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"openEuler-22.03-LTS-SP1", + "name":"openEuler-22.03-LTS-SP1" + }, + "name":"openEuler-22.03-LTS-SP1", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-errmsg-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-errmsg-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-errmsg-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-common-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-common-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-common-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + 
"product_id":"mysql-libs-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-libs-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-libs-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-test-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-test-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-test-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-help-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-help-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-help-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-debugsource-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-debugsource-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-debugsource-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-devel-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-devel-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-devel-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + 
"product_id":"mysql-server-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-server-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-server-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-config-8.0.38-1.oe2203sp1.aarch64.rpm", + "name":"mysql-config-8.0.38-1.oe2203sp1.aarch64.rpm" + }, + "name":"mysql-config-8.0.38-1.oe2203sp1.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-8.0.38-1.oe2203sp1.src.rpm", + "name":"mysql-8.0.38-1.oe2203sp1.src.rpm" + }, + "name":"mysql-8.0.38-1.oe2203sp1.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-errmsg-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-errmsg-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-errmsg-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-libs-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-libs-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-libs-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-server-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-server-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-server-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-debugsource-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-debugsource-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-debugsource-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-help-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-help-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-help-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-config-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-config-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-config-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + 
"product_id":"mysql-test-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-test-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-test-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-common-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-common-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-common-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"mysql-devel-8.0.38-1.oe2203sp1.x86_64.rpm", + "name":"mysql-devel-8.0.38-1.oe2203sp1.x86_64.rpm" + }, + "name":"mysql-devel-8.0.38-1.oe2203sp1.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-errmsg-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-errmsg-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-common-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-common-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-libs-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-libs-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + 
"category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-test-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-test-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-help-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-help-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-debugsource-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-debugsource-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-devel-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-devel-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-server-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-server-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-config-8.0.38-1.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "name":"mysql-config-8.0.38-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-8.0.38-1.oe2203sp1.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "name":"mysql-8.0.38-1.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-errmsg-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-errmsg-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-libs-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-libs-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-server-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-server-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-debugsource-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-debugsource-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-help-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-help-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-8.0.38-1.oe2203sp1.x86_64 as a component 
of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-config-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-config-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-test-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-test-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-common-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-common-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"mysql-devel-8.0.38-1.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64", + "name":"mysql-devel-8.0.38-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-21127", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + 
"openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1935" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21127" + }, + { + "cve":"CVE-2024-21130", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + 
"openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1935" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21130" + }, + { + "cve":"CVE-2024-21134", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + 
"openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1935" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.3, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21134" + }, + { + "cve":"CVE-2024-21157", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + 
"openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1935" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21157" + }, + { + "cve":"CVE-2024-21160", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + 
"openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1935" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21160" + }, + { + "cve":"CVE-2024-21165", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.37 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + 
"openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1935" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21165" + }, + { + "cve":"CVE-2024-21166", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1935" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.9, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", + 
"version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21166" + }, + { + "cve":"CVE-2024-21177", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1935" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.5, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + 
"version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21177" + }, + { + "cve":"CVE-2024-21179", + "notes":[ + { + "text":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64" + ], + "details":"mysql security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1935" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.9, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + 
"version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-errmsg-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-libs-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-server-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-debugsource-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-help-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-config-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-test-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-common-8.0.38-1.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:mysql-devel-8.0.38-1.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-21179" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1936.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1936.json new file mode 100644 index 0000000..fbb0083 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1936.json 
@@ -0,0 +1,494 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"ffmpeg security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for ffmpeg is now available for openEuler-24.03-LTS.", + "category":"general", + "title":"Summary" + }, + { + "text":"FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash.\n\nSecurity Fix(es):\n\nFFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end.(CVE-2024-32228)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for ffmpeg is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of medium. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"ffmpeg", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1936", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1936" + }, + { + "summary":"CVE-2024-32228", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-32228&packageName=ffmpeg" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32228" + }, + { + "summary":"openEuler-SA-2024-1936 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1936.json" + } + ], + "title":"An update for ffmpeg is now available for openEuler-24.03-LTS", + "tracking":{ + "initial_release_date":"2024-08-02T19:42:14+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:42:14+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:31:14+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:31:14+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:31:14+08:00", + "id":"openEuler-SA-2024-1936", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + 
"product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openEuler-24.03-LTS", + "name":"openEuler-24.03-LTS" + }, + "name":"openEuler-24.03-LTS", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"ffmpeg-debuginfo-6.1.1-11.oe2403.aarch64.rpm", + "name":"ffmpeg-debuginfo-6.1.1-11.oe2403.aarch64.rpm" + }, + "name":"ffmpeg-debuginfo-6.1.1-11.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"ffmpeg-6.1.1-11.oe2403.aarch64.rpm", + "name":"ffmpeg-6.1.1-11.oe2403.aarch64.rpm" + }, + "name":"ffmpeg-6.1.1-11.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"libavdevice-6.1.1-11.oe2403.aarch64.rpm", + "name":"libavdevice-6.1.1-11.oe2403.aarch64.rpm" + }, + "name":"libavdevice-6.1.1-11.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"ffmpeg-libs-6.1.1-11.oe2403.aarch64.rpm", + "name":"ffmpeg-libs-6.1.1-11.oe2403.aarch64.rpm" + }, + "name":"ffmpeg-libs-6.1.1-11.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"ffmpeg-debugsource-6.1.1-11.oe2403.aarch64.rpm", + "name":"ffmpeg-debugsource-6.1.1-11.oe2403.aarch64.rpm" + }, + "name":"ffmpeg-debugsource-6.1.1-11.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + 
"product_id":"ffmpeg-devel-6.1.1-11.oe2403.aarch64.rpm", + "name":"ffmpeg-devel-6.1.1-11.oe2403.aarch64.rpm" + }, + "name":"ffmpeg-devel-6.1.1-11.oe2403.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"ffmpeg-6.1.1-11.oe2403.src.rpm", + "name":"ffmpeg-6.1.1-11.oe2403.src.rpm" + }, + "name":"ffmpeg-6.1.1-11.oe2403.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"ffmpeg-debugsource-6.1.1-11.oe2403.x86_64.rpm", + "name":"ffmpeg-debugsource-6.1.1-11.oe2403.x86_64.rpm" + }, + "name":"ffmpeg-debugsource-6.1.1-11.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"ffmpeg-libs-6.1.1-11.oe2403.x86_64.rpm", + "name":"ffmpeg-libs-6.1.1-11.oe2403.x86_64.rpm" + }, + "name":"ffmpeg-libs-6.1.1-11.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"libavdevice-6.1.1-11.oe2403.x86_64.rpm", + "name":"libavdevice-6.1.1-11.oe2403.x86_64.rpm" + }, + "name":"libavdevice-6.1.1-11.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"ffmpeg-debuginfo-6.1.1-11.oe2403.x86_64.rpm", + "name":"ffmpeg-debuginfo-6.1.1-11.oe2403.x86_64.rpm" + }, + "name":"ffmpeg-debuginfo-6.1.1-11.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + 
"product_id":"ffmpeg-6.1.1-11.oe2403.x86_64.rpm", + "name":"ffmpeg-6.1.1-11.oe2403.x86_64.rpm" + }, + "name":"ffmpeg-6.1.1-11.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"ffmpeg-devel-6.1.1-11.oe2403.x86_64.rpm", + "name":"ffmpeg-devel-6.1.1-11.oe2403.x86_64.rpm" + }, + "name":"ffmpeg-devel-6.1.1-11.oe2403.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"ffmpeg-debuginfo-6.1.1-11.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-11.oe2403.aarch64", + "name":"ffmpeg-debuginfo-6.1.1-11.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"ffmpeg-6.1.1-11.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.aarch64", + "name":"ffmpeg-6.1.1-11.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"libavdevice-6.1.1-11.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:libavdevice-6.1.1-11.oe2403.aarch64", + "name":"libavdevice-6.1.1-11.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"ffmpeg-libs-6.1.1-11.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:ffmpeg-libs-6.1.1-11.oe2403.aarch64", + "name":"ffmpeg-libs-6.1.1-11.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"ffmpeg-debugsource-6.1.1-11.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-11.oe2403.aarch64", + "name":"ffmpeg-debugsource-6.1.1-11.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"ffmpeg-devel-6.1.1-11.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:ffmpeg-devel-6.1.1-11.oe2403.aarch64", + "name":"ffmpeg-devel-6.1.1-11.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"ffmpeg-6.1.1-11.oe2403.src.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.src", + "name":"ffmpeg-6.1.1-11.oe2403.src as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"ffmpeg-debugsource-6.1.1-11.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-11.oe2403.x86_64", + "name":"ffmpeg-debugsource-6.1.1-11.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"ffmpeg-libs-6.1.1-11.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:ffmpeg-libs-6.1.1-11.oe2403.x86_64", + "name":"ffmpeg-libs-6.1.1-11.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"libavdevice-6.1.1-11.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:libavdevice-6.1.1-11.oe2403.x86_64", + 
"name":"libavdevice-6.1.1-11.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"ffmpeg-debuginfo-6.1.1-11.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-11.oe2403.x86_64", + "name":"ffmpeg-debuginfo-6.1.1-11.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"ffmpeg-6.1.1-11.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.x86_64", + "name":"ffmpeg-6.1.1-11.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"ffmpeg-devel-6.1.1-11.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:ffmpeg-devel-6.1.1-11.oe2403.x86_64", + "name":"ffmpeg-devel-6.1.1-11.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-32228", + "notes":[ + { + "text":"FFmpeg 7.0 is vulnerable to Buffer Overflow. 
There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-11.oe2403.aarch64", + "openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.aarch64", + "openEuler-24.03-LTS:libavdevice-6.1.1-11.oe2403.aarch64", + "openEuler-24.03-LTS:ffmpeg-libs-6.1.1-11.oe2403.aarch64", + "openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-11.oe2403.aarch64", + "openEuler-24.03-LTS:ffmpeg-devel-6.1.1-11.oe2403.aarch64", + "openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.src", + "openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-11.oe2403.x86_64", + "openEuler-24.03-LTS:ffmpeg-libs-6.1.1-11.oe2403.x86_64", + "openEuler-24.03-LTS:libavdevice-6.1.1-11.oe2403.x86_64", + "openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-11.oe2403.x86_64", + "openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.x86_64", + "openEuler-24.03-LTS:ffmpeg-devel-6.1.1-11.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-11.oe2403.aarch64", + "openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.aarch64", + "openEuler-24.03-LTS:libavdevice-6.1.1-11.oe2403.aarch64", + "openEuler-24.03-LTS:ffmpeg-libs-6.1.1-11.oe2403.aarch64", + "openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-11.oe2403.aarch64", + "openEuler-24.03-LTS:ffmpeg-devel-6.1.1-11.oe2403.aarch64", + "openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.src", + "openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-11.oe2403.x86_64", + "openEuler-24.03-LTS:ffmpeg-libs-6.1.1-11.oe2403.x86_64", + "openEuler-24.03-LTS:libavdevice-6.1.1-11.oe2403.x86_64", + "openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-11.oe2403.x86_64", + "openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.x86_64", + "openEuler-24.03-LTS:ffmpeg-devel-6.1.1-11.oe2403.x86_64" + ], + "details":"ffmpeg security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1936" + } + ], + 
"scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.3, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-11.oe2403.aarch64", + "openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.aarch64", + "openEuler-24.03-LTS:libavdevice-6.1.1-11.oe2403.aarch64", + "openEuler-24.03-LTS:ffmpeg-libs-6.1.1-11.oe2403.aarch64", + "openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-11.oe2403.aarch64", + "openEuler-24.03-LTS:ffmpeg-devel-6.1.1-11.oe2403.aarch64", + "openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.src", + "openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-11.oe2403.x86_64", + "openEuler-24.03-LTS:ffmpeg-libs-6.1.1-11.oe2403.x86_64", + "openEuler-24.03-LTS:libavdevice-6.1.1-11.oe2403.x86_64", + "openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-11.oe2403.x86_64", + "openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.x86_64", + "openEuler-24.03-LTS:ffmpeg-devel-6.1.1-11.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-32228" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1937.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1937.json new file mode 100644 index 0000000..1d857c2 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1937.json 
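Review bot: The TLP reference under `document.distribution.tlp` is written as `"url":"https:/www.first.org/tlp/"`, with a single slash after the scheme, so it carries no host and does not resolve to the FIRST TLP definition that consumers use to interpret the `WHITE` label. It should read `"url":"https://www.first.org/tlp/"`. The same value appears in the csaf-openEuler-SA-2024-1937.json hunk that follows. The document names `openEuler CSAF Tool V1.0` as its generator, so the correction presumably belongs in that tool's template rather than in each advisory. A schema check alone may not catch it, since the string is still syntactically a URI.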
@@ -0,0 +1,753 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"plasma-workspace security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for plasma-workspace is now available for openEuler-24.03-LTS.", + "category":"general", + "title":"Summary" + }, + { + "text":"Plasma 5 libraries and runtime components\n\nSecurity Fix(es):\n\nKSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory.(CVE-2024-36041)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for plasma-workspace is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of high. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"plasma-workspace", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1937", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1937" + }, + { + "summary":"CVE-2024-36041", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36041&packageName=plasma-workspace" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36041" + }, + { + "summary":"openEuler-SA-2024-1937 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1937.json" + } + ], + "title":"An update for plasma-workspace is now available for openEuler-24.03-LTS", + "tracking":{ + "initial_release_date":"2024-08-02T19:42:15+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:42:15+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:31:15+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:31:15+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:31:15+08:00", + "id":"openEuler-SA-2024-1937", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + 
"branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openEuler-24.03-LTS", + "name":"openEuler-24.03-LTS" + }, + "name":"openEuler-24.03-LTS", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"plasma-workspace-geolocation-libs-5.27.10-2.oe2403.aarch64.rpm", + "name":"plasma-workspace-geolocation-libs-5.27.10-2.oe2403.aarch64.rpm" + }, + "name":"plasma-workspace-geolocation-libs-5.27.10-2.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"plasma-workspace-debuginfo-5.27.10-2.oe2403.aarch64.rpm", + "name":"plasma-workspace-debuginfo-5.27.10-2.oe2403.aarch64.rpm" + }, + "name":"plasma-workspace-debuginfo-5.27.10-2.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"libkworkspace5-5.27.10-2.oe2403.aarch64.rpm", + "name":"libkworkspace5-5.27.10-2.oe2403.aarch64.rpm" + }, + "name":"libkworkspace5-5.27.10-2.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"plasma-workspace-common-5.27.10-2.oe2403.aarch64.rpm", + "name":"plasma-workspace-common-5.27.10-2.oe2403.aarch64.rpm" + }, + "name":"plasma-workspace-common-5.27.10-2.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"plasma-workspace-wayland-5.27.10-2.oe2403.aarch64.rpm", + "name":"plasma-workspace-wayland-5.27.10-2.oe2403.aarch64.rpm" + }, + 
"name":"plasma-workspace-wayland-5.27.10-2.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"plasma-workspace-libs-5.27.10-2.oe2403.aarch64.rpm", + "name":"plasma-workspace-libs-5.27.10-2.oe2403.aarch64.rpm" + }, + "name":"plasma-workspace-libs-5.27.10-2.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"plasma-workspace-geolocation-5.27.10-2.oe2403.aarch64.rpm", + "name":"plasma-workspace-geolocation-5.27.10-2.oe2403.aarch64.rpm" + }, + "name":"plasma-workspace-geolocation-5.27.10-2.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"plasma-workspace-debugsource-5.27.10-2.oe2403.aarch64.rpm", + "name":"plasma-workspace-debugsource-5.27.10-2.oe2403.aarch64.rpm" + }, + "name":"plasma-workspace-debugsource-5.27.10-2.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"plasma-workspace-5.27.10-2.oe2403.aarch64.rpm", + "name":"plasma-workspace-5.27.10-2.oe2403.aarch64.rpm" + }, + "name":"plasma-workspace-5.27.10-2.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"plasma-workspace-devel-5.27.10-2.oe2403.aarch64.rpm", + "name":"plasma-workspace-devel-5.27.10-2.oe2403.aarch64.rpm" + }, + "name":"plasma-workspace-devel-5.27.10-2.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + 
"product_id":"plasma-workspace-x11-5.27.10-2.oe2403.aarch64.rpm", + "name":"plasma-workspace-x11-5.27.10-2.oe2403.aarch64.rpm" + }, + "name":"plasma-workspace-x11-5.27.10-2.oe2403.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"noarch", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"plasma-workspace-doc-5.27.10-2.oe2403.noarch.rpm", + "name":"plasma-workspace-doc-5.27.10-2.oe2403.noarch.rpm" + }, + "name":"plasma-workspace-doc-5.27.10-2.oe2403.noarch.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"plasma-workspace-5.27.10-2.oe2403.src.rpm", + "name":"plasma-workspace-5.27.10-2.oe2403.src.rpm" + }, + "name":"plasma-workspace-5.27.10-2.oe2403.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"plasma-workspace-5.27.10-2.oe2403.x86_64.rpm", + "name":"plasma-workspace-5.27.10-2.oe2403.x86_64.rpm" + }, + "name":"plasma-workspace-5.27.10-2.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"plasma-workspace-wayland-5.27.10-2.oe2403.x86_64.rpm", + "name":"plasma-workspace-wayland-5.27.10-2.oe2403.x86_64.rpm" + }, + "name":"plasma-workspace-wayland-5.27.10-2.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"plasma-workspace-libs-5.27.10-2.oe2403.x86_64.rpm", + 
"name":"plasma-workspace-libs-5.27.10-2.oe2403.x86_64.rpm" + }, + "name":"plasma-workspace-libs-5.27.10-2.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"plasma-workspace-geolocation-libs-5.27.10-2.oe2403.x86_64.rpm", + "name":"plasma-workspace-geolocation-libs-5.27.10-2.oe2403.x86_64.rpm" + }, + "name":"plasma-workspace-geolocation-libs-5.27.10-2.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"plasma-workspace-geolocation-5.27.10-2.oe2403.x86_64.rpm", + "name":"plasma-workspace-geolocation-5.27.10-2.oe2403.x86_64.rpm" + }, + "name":"plasma-workspace-geolocation-5.27.10-2.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"plasma-workspace-debuginfo-5.27.10-2.oe2403.x86_64.rpm", + "name":"plasma-workspace-debuginfo-5.27.10-2.oe2403.x86_64.rpm" + }, + "name":"plasma-workspace-debuginfo-5.27.10-2.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"plasma-workspace-common-5.27.10-2.oe2403.x86_64.rpm", + "name":"plasma-workspace-common-5.27.10-2.oe2403.x86_64.rpm" + }, + "name":"plasma-workspace-common-5.27.10-2.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"plasma-workspace-debugsource-5.27.10-2.oe2403.x86_64.rpm", + "name":"plasma-workspace-debugsource-5.27.10-2.oe2403.x86_64.rpm" + }, + "name":"plasma-workspace-debugsource-5.27.10-2.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + 
"product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"plasma-workspace-x11-5.27.10-2.oe2403.x86_64.rpm", + "name":"plasma-workspace-x11-5.27.10-2.oe2403.x86_64.rpm" + }, + "name":"plasma-workspace-x11-5.27.10-2.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"plasma-workspace-devel-5.27.10-2.oe2403.x86_64.rpm", + "name":"plasma-workspace-devel-5.27.10-2.oe2403.x86_64.rpm" + }, + "name":"plasma-workspace-devel-5.27.10-2.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"libkworkspace5-5.27.10-2.oe2403.x86_64.rpm", + "name":"libkworkspace5-5.27.10-2.oe2403.x86_64.rpm" + }, + "name":"libkworkspace5-5.27.10-2.oe2403.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"plasma-workspace-geolocation-libs-5.27.10-2.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:plasma-workspace-geolocation-libs-5.27.10-2.oe2403.aarch64", + "name":"plasma-workspace-geolocation-libs-5.27.10-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"plasma-workspace-debuginfo-5.27.10-2.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:plasma-workspace-debuginfo-5.27.10-2.oe2403.aarch64", + "name":"plasma-workspace-debuginfo-5.27.10-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"libkworkspace5-5.27.10-2.oe2403.aarch64.rpm", + 
"full_product_name":{ + "product_id":"openEuler-24.03-LTS:libkworkspace5-5.27.10-2.oe2403.aarch64", + "name":"libkworkspace5-5.27.10-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"plasma-workspace-common-5.27.10-2.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:plasma-workspace-common-5.27.10-2.oe2403.aarch64", + "name":"plasma-workspace-common-5.27.10-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"plasma-workspace-wayland-5.27.10-2.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:plasma-workspace-wayland-5.27.10-2.oe2403.aarch64", + "name":"plasma-workspace-wayland-5.27.10-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"plasma-workspace-libs-5.27.10-2.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:plasma-workspace-libs-5.27.10-2.oe2403.aarch64", + "name":"plasma-workspace-libs-5.27.10-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"plasma-workspace-geolocation-5.27.10-2.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:plasma-workspace-geolocation-5.27.10-2.oe2403.aarch64", + "name":"plasma-workspace-geolocation-5.27.10-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"plasma-workspace-debugsource-5.27.10-2.oe2403.aarch64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-24.03-LTS:plasma-workspace-debugsource-5.27.10-2.oe2403.aarch64", + "name":"plasma-workspace-debugsource-5.27.10-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"plasma-workspace-5.27.10-2.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:plasma-workspace-5.27.10-2.oe2403.aarch64", + "name":"plasma-workspace-5.27.10-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"plasma-workspace-devel-5.27.10-2.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:plasma-workspace-devel-5.27.10-2.oe2403.aarch64", + "name":"plasma-workspace-devel-5.27.10-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"plasma-workspace-x11-5.27.10-2.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:plasma-workspace-x11-5.27.10-2.oe2403.aarch64", + "name":"plasma-workspace-x11-5.27.10-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"plasma-workspace-doc-5.27.10-2.oe2403.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:plasma-workspace-doc-5.27.10-2.oe2403.noarch", + "name":"plasma-workspace-doc-5.27.10-2.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"plasma-workspace-5.27.10-2.oe2403.src.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:plasma-workspace-5.27.10-2.oe2403.src", + 
"name":"plasma-workspace-5.27.10-2.oe2403.src as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"plasma-workspace-5.27.10-2.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:plasma-workspace-5.27.10-2.oe2403.x86_64", + "name":"plasma-workspace-5.27.10-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"plasma-workspace-wayland-5.27.10-2.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:plasma-workspace-wayland-5.27.10-2.oe2403.x86_64", + "name":"plasma-workspace-wayland-5.27.10-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"plasma-workspace-libs-5.27.10-2.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:plasma-workspace-libs-5.27.10-2.oe2403.x86_64", + "name":"plasma-workspace-libs-5.27.10-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"plasma-workspace-geolocation-libs-5.27.10-2.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:plasma-workspace-geolocation-libs-5.27.10-2.oe2403.x86_64", + "name":"plasma-workspace-geolocation-libs-5.27.10-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"plasma-workspace-geolocation-5.27.10-2.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:plasma-workspace-geolocation-5.27.10-2.oe2403.x86_64", + 
"name":"plasma-workspace-geolocation-5.27.10-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"plasma-workspace-debuginfo-5.27.10-2.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:plasma-workspace-debuginfo-5.27.10-2.oe2403.x86_64", + "name":"plasma-workspace-debuginfo-5.27.10-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"plasma-workspace-common-5.27.10-2.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:plasma-workspace-common-5.27.10-2.oe2403.x86_64", + "name":"plasma-workspace-common-5.27.10-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"plasma-workspace-debugsource-5.27.10-2.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:plasma-workspace-debugsource-5.27.10-2.oe2403.x86_64", + "name":"plasma-workspace-debugsource-5.27.10-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"plasma-workspace-x11-5.27.10-2.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:plasma-workspace-x11-5.27.10-2.oe2403.x86_64", + "name":"plasma-workspace-x11-5.27.10-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"plasma-workspace-devel-5.27.10-2.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:plasma-workspace-devel-5.27.10-2.oe2403.x86_64", + 
"name":"plasma-workspace-devel-5.27.10-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"libkworkspace5-5.27.10-2.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:libkworkspace5-5.27.10-2.oe2403.x86_64", + "name":"libkworkspace5-5.27.10-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-36041", + "notes":[ + { + "text":"KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:plasma-workspace-geolocation-libs-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-debuginfo-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:libkworkspace5-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-common-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-wayland-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-libs-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-geolocation-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-debugsource-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-devel-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-x11-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-doc-5.27.10-2.oe2403.noarch", + 
"openEuler-24.03-LTS:plasma-workspace-5.27.10-2.oe2403.src", + "openEuler-24.03-LTS:plasma-workspace-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:plasma-workspace-wayland-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:plasma-workspace-libs-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:plasma-workspace-geolocation-libs-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:plasma-workspace-geolocation-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:plasma-workspace-debuginfo-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:plasma-workspace-common-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:plasma-workspace-debugsource-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:plasma-workspace-x11-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:plasma-workspace-devel-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:libkworkspace5-5.27.10-2.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:plasma-workspace-geolocation-libs-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-debuginfo-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:libkworkspace5-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-common-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-wayland-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-libs-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-geolocation-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-debugsource-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-devel-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-x11-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-doc-5.27.10-2.oe2403.noarch", + "openEuler-24.03-LTS:plasma-workspace-5.27.10-2.oe2403.src", + "openEuler-24.03-LTS:plasma-workspace-5.27.10-2.oe2403.x86_64", + 
"openEuler-24.03-LTS:plasma-workspace-wayland-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:plasma-workspace-libs-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:plasma-workspace-geolocation-libs-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:plasma-workspace-geolocation-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:plasma-workspace-debuginfo-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:plasma-workspace-common-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:plasma-workspace-debugsource-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:plasma-workspace-x11-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:plasma-workspace-devel-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:libkworkspace5-5.27.10-2.oe2403.x86_64" + ], + "details":"plasma-workspace security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1937" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.8, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:plasma-workspace-geolocation-libs-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-debuginfo-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:libkworkspace5-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-common-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-wayland-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-libs-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-geolocation-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-debugsource-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-devel-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-x11-5.27.10-2.oe2403.aarch64", + "openEuler-24.03-LTS:plasma-workspace-doc-5.27.10-2.oe2403.noarch", + 
"openEuler-24.03-LTS:plasma-workspace-5.27.10-2.oe2403.src", + "openEuler-24.03-LTS:plasma-workspace-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:plasma-workspace-wayland-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:plasma-workspace-libs-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:plasma-workspace-geolocation-libs-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:plasma-workspace-geolocation-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:plasma-workspace-debuginfo-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:plasma-workspace-common-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:plasma-workspace-debugsource-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:plasma-workspace-x11-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:plasma-workspace-devel-5.27.10-2.oe2403.x86_64", + "openEuler-24.03-LTS:libkworkspace5-5.27.10-2.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2024-36041" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1938.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1938.json new file mode 100644 index 0000000..21032b2 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1938.json 
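Review bot: The `document.distribution.tlp.url` value in this advisory is `https:/www.first.org/tlp/`, with a single slash after the scheme, so it still parses as a URI but does not point at the FIRST TLP page; it should read `"url":"https://www.first.org/tlp/"`. The same value appears in the SA-2024-1938 file that follows. Every `product_identification_helper.cpe` under the aarch64, noarch, src and x86_64 branches repeats the distribution CPE `cpe:/a:openEuler:openEuler:24.03-LTS`, so a consumer matching on CPE cannot tell one RPM from another; a package-specific `purl` per RPM would make the product tree usable for automated matching. The fixed builds are 5.27.10-2 while the CVE text says "before 5.27.11.1", which presumably means the fix was backported, so scanners should rely on the `fixed` product status here rather than comparing upstream version numbers.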
@@ -0,0 +1,1006 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"ruby security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for ruby is now available for master/openEuler-24.03-LTS.", + "category":"general", + "title":"Summary" + }, + { + "text":"Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks (such as Perl).\n\nSecurity Fix(es):\n\nRubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.from_yaml. from_yaml makes use of SafeYAML.load which allows YAML aliases inside the YAML-based metadata of a gem. YAML aliases allow for Denial of Service attacks with so-called `YAML-bombs` (comparable to Billion laughs attacks). This was patched. There is is no action required by users. This issue is also tracked as GHSL-2024-001 and was discovered by the GitHub security lab.(CVE-2024-35221)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for ruby is now available for master/openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of medium. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"ruby", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1938", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1938" + }, + { + "summary":"CVE-2024-35221", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-35221&packageName=ruby" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-35221" + }, + { + "summary":"openEuler-SA-2024-1938 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1938.json" + } + ], + "title":"An update for ruby is now available for master/openEuler-24.03-LTS", + "tracking":{ + "initial_release_date":"2024-08-02T19:42:16+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:42:16+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:31:16+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:31:16+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:31:16+08:00", + "id":"openEuler-SA-2024-1938", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + 
"product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openEuler-24.03-LTS", + "name":"openEuler-24.03-LTS" + }, + "name":"openEuler-24.03-LTS", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"rubygem-bigdecimal-3.1.3-142.oe2403.aarch64.rpm", + "name":"rubygem-bigdecimal-3.1.3-142.oe2403.aarch64.rpm" + }, + "name":"rubygem-bigdecimal-3.1.3-142.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"rubygem-json-2.6.3-142.oe2403.aarch64.rpm", + "name":"rubygem-json-2.6.3-142.oe2403.aarch64.rpm" + }, + "name":"rubygem-json-2.6.3-142.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"ruby-3.2.2-142.oe2403.aarch64.rpm", + "name":"ruby-3.2.2-142.oe2403.aarch64.rpm" + }, + "name":"ruby-3.2.2-142.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"ruby-debugsource-3.2.2-142.oe2403.aarch64.rpm", + "name":"ruby-debugsource-3.2.2-142.oe2403.aarch64.rpm" + }, + "name":"ruby-debugsource-3.2.2-142.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"rubygem-io-console-0.6.0-142.oe2403.aarch64.rpm", + "name":"rubygem-io-console-0.6.0-142.oe2403.aarch64.rpm" + }, + "name":"rubygem-io-console-0.6.0-142.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"ruby-devel-3.2.2-142.oe2403.aarch64.rpm", + "name":"ruby-devel-3.2.2-142.oe2403.aarch64.rpm" + }, + "name":"ruby-devel-3.2.2-142.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"ruby-bundled-gems-3.2.2-142.oe2403.aarch64.rpm", + "name":"ruby-bundled-gems-3.2.2-142.oe2403.aarch64.rpm" + }, + "name":"ruby-bundled-gems-3.2.2-142.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"rubygem-psych-5.0.1-142.oe2403.aarch64.rpm", + "name":"rubygem-psych-5.0.1-142.oe2403.aarch64.rpm" + }, + "name":"rubygem-psych-5.0.1-142.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"ruby-debuginfo-3.2.2-142.oe2403.aarch64.rpm", + "name":"ruby-debuginfo-3.2.2-142.oe2403.aarch64.rpm" + }, + "name":"ruby-debuginfo-3.2.2-142.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"rubygem-openssl-3.1.0-142.oe2403.aarch64.rpm", + "name":"rubygem-openssl-3.1.0-142.oe2403.aarch64.rpm" + }, + "name":"rubygem-openssl-3.1.0-142.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"rubygem-rbs-2.8.2-142.oe2403.aarch64.rpm", + "name":"rubygem-rbs-2.8.2-142.oe2403.aarch64.rpm" + }, + "name":"rubygem-rbs-2.8.2-142.oe2403.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"noarch", + "branches":[ + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"rubygem-did_you_mean-1.6.3-142.oe2403.noarch.rpm", + "name":"rubygem-did_you_mean-1.6.3-142.oe2403.noarch.rpm" + }, + "name":"rubygem-did_you_mean-1.6.3-142.oe2403.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"rubygem-rexml-3.2.5-142.oe2403.noarch.rpm", + "name":"rubygem-rexml-3.2.5-142.oe2403.noarch.rpm" + }, + "name":"rubygem-rexml-3.2.5-142.oe2403.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"rubygem-test-unit-3.5.7-142.oe2403.noarch.rpm", + "name":"rubygem-test-unit-3.5.7-142.oe2403.noarch.rpm" + }, + "name":"rubygem-test-unit-3.5.7-142.oe2403.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"ruby-irb-3.2.2-142.oe2403.noarch.rpm", + "name":"ruby-irb-3.2.2-142.oe2403.noarch.rpm" + }, + "name":"ruby-irb-3.2.2-142.oe2403.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"rubygem-minitest-5.16.3-142.oe2403.noarch.rpm", + "name":"rubygem-minitest-5.16.3-142.oe2403.noarch.rpm" + }, + "name":"rubygem-minitest-5.16.3-142.oe2403.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"rubygems-3.4.10-142.oe2403.noarch.rpm", + "name":"rubygems-3.4.10-142.oe2403.noarch.rpm" + }, + "name":"rubygems-3.4.10-142.oe2403.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + 
"product_id":"rubygems-devel-3.4.10-142.oe2403.noarch.rpm", + "name":"rubygems-devel-3.4.10-142.oe2403.noarch.rpm" + }, + "name":"rubygems-devel-3.4.10-142.oe2403.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"rubygem-rake-13.0.6-142.oe2403.noarch.rpm", + "name":"rubygem-rake-13.0.6-142.oe2403.noarch.rpm" + }, + "name":"rubygem-rake-13.0.6-142.oe2403.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"rubygem-rdoc-6.5.0-142.oe2403.noarch.rpm", + "name":"rubygem-rdoc-6.5.0-142.oe2403.noarch.rpm" + }, + "name":"rubygem-rdoc-6.5.0-142.oe2403.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"ruby-help-3.2.2-142.oe2403.noarch.rpm", + "name":"ruby-help-3.2.2-142.oe2403.noarch.rpm" + }, + "name":"ruby-help-3.2.2-142.oe2403.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"rubygem-rss-0.2.9-142.oe2403.noarch.rpm", + "name":"rubygem-rss-0.2.9-142.oe2403.noarch.rpm" + }, + "name":"rubygem-rss-0.2.9-142.oe2403.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"rubygem-typeprof-0.21.3-142.oe2403.noarch.rpm", + "name":"rubygem-typeprof-0.21.3-142.oe2403.noarch.rpm" + }, + "name":"rubygem-typeprof-0.21.3-142.oe2403.noarch.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"ruby-3.2.2-142.oe2403.src.rpm", 
+ "name":"ruby-3.2.2-142.oe2403.src.rpm" + }, + "name":"ruby-3.2.2-142.oe2403.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"rubygem-rbs-2.8.2-142.oe2403.x86_64.rpm", + "name":"rubygem-rbs-2.8.2-142.oe2403.x86_64.rpm" + }, + "name":"rubygem-rbs-2.8.2-142.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"rubygem-json-2.6.3-142.oe2403.x86_64.rpm", + "name":"rubygem-json-2.6.3-142.oe2403.x86_64.rpm" + }, + "name":"rubygem-json-2.6.3-142.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"ruby-3.2.2-142.oe2403.x86_64.rpm", + "name":"ruby-3.2.2-142.oe2403.x86_64.rpm" + }, + "name":"ruby-3.2.2-142.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"rubygem-openssl-3.1.0-142.oe2403.x86_64.rpm", + "name":"rubygem-openssl-3.1.0-142.oe2403.x86_64.rpm" + }, + "name":"rubygem-openssl-3.1.0-142.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"ruby-debuginfo-3.2.2-142.oe2403.x86_64.rpm", + "name":"ruby-debuginfo-3.2.2-142.oe2403.x86_64.rpm" + }, + "name":"ruby-debuginfo-3.2.2-142.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"ruby-bundled-gems-3.2.2-142.oe2403.x86_64.rpm", + "name":"ruby-bundled-gems-3.2.2-142.oe2403.x86_64.rpm" + }, + 
"name":"ruby-bundled-gems-3.2.2-142.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"rubygem-io-console-0.6.0-142.oe2403.x86_64.rpm", + "name":"rubygem-io-console-0.6.0-142.oe2403.x86_64.rpm" + }, + "name":"rubygem-io-console-0.6.0-142.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"ruby-debugsource-3.2.2-142.oe2403.x86_64.rpm", + "name":"ruby-debugsource-3.2.2-142.oe2403.x86_64.rpm" + }, + "name":"ruby-debugsource-3.2.2-142.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"ruby-devel-3.2.2-142.oe2403.x86_64.rpm", + "name":"ruby-devel-3.2.2-142.oe2403.x86_64.rpm" + }, + "name":"ruby-devel-3.2.2-142.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"rubygem-psych-5.0.1-142.oe2403.x86_64.rpm", + "name":"rubygem-psych-5.0.1-142.oe2403.x86_64.rpm" + }, + "name":"rubygem-psych-5.0.1-142.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"rubygem-bigdecimal-3.1.3-142.oe2403.x86_64.rpm", + "name":"rubygem-bigdecimal-3.1.3-142.oe2403.x86_64.rpm" + }, + "name":"rubygem-bigdecimal-3.1.3-142.oe2403.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"rubygem-bigdecimal-3.1.3-142.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:rubygem-bigdecimal-3.1.3-142.oe2403.aarch64", 
+ "name":"rubygem-bigdecimal-3.1.3-142.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"rubygem-json-2.6.3-142.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:rubygem-json-2.6.3-142.oe2403.aarch64", + "name":"rubygem-json-2.6.3-142.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"ruby-3.2.2-142.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:ruby-3.2.2-142.oe2403.aarch64", + "name":"ruby-3.2.2-142.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"ruby-debugsource-3.2.2-142.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:ruby-debugsource-3.2.2-142.oe2403.aarch64", + "name":"ruby-debugsource-3.2.2-142.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"rubygem-io-console-0.6.0-142.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:rubygem-io-console-0.6.0-142.oe2403.aarch64", + "name":"rubygem-io-console-0.6.0-142.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"ruby-devel-3.2.2-142.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:ruby-devel-3.2.2-142.oe2403.aarch64", + "name":"ruby-devel-3.2.2-142.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", 
+ "product_reference":"ruby-bundled-gems-3.2.2-142.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:ruby-bundled-gems-3.2.2-142.oe2403.aarch64", + "name":"ruby-bundled-gems-3.2.2-142.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"rubygem-psych-5.0.1-142.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:rubygem-psych-5.0.1-142.oe2403.aarch64", + "name":"rubygem-psych-5.0.1-142.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"ruby-debuginfo-3.2.2-142.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:ruby-debuginfo-3.2.2-142.oe2403.aarch64", + "name":"ruby-debuginfo-3.2.2-142.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"rubygem-openssl-3.1.0-142.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:rubygem-openssl-3.1.0-142.oe2403.aarch64", + "name":"rubygem-openssl-3.1.0-142.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"rubygem-rbs-2.8.2-142.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:rubygem-rbs-2.8.2-142.oe2403.aarch64", + "name":"rubygem-rbs-2.8.2-142.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"rubygem-did_you_mean-1.6.3-142.oe2403.noarch.rpm", + "full_product_name":{ + 
"product_id":"openEuler-24.03-LTS:rubygem-did_you_mean-1.6.3-142.oe2403.noarch", + "name":"rubygem-did_you_mean-1.6.3-142.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"rubygem-rexml-3.2.5-142.oe2403.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:rubygem-rexml-3.2.5-142.oe2403.noarch", + "name":"rubygem-rexml-3.2.5-142.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"rubygem-test-unit-3.5.7-142.oe2403.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:rubygem-test-unit-3.5.7-142.oe2403.noarch", + "name":"rubygem-test-unit-3.5.7-142.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"ruby-irb-3.2.2-142.oe2403.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:ruby-irb-3.2.2-142.oe2403.noarch", + "name":"ruby-irb-3.2.2-142.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"rubygem-minitest-5.16.3-142.oe2403.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:rubygem-minitest-5.16.3-142.oe2403.noarch", + "name":"rubygem-minitest-5.16.3-142.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"rubygems-3.4.10-142.oe2403.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:rubygems-3.4.10-142.oe2403.noarch", + "name":"rubygems-3.4.10-142.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + 
"category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"rubygems-devel-3.4.10-142.oe2403.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:rubygems-devel-3.4.10-142.oe2403.noarch", + "name":"rubygems-devel-3.4.10-142.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"rubygem-rake-13.0.6-142.oe2403.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:rubygem-rake-13.0.6-142.oe2403.noarch", + "name":"rubygem-rake-13.0.6-142.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"rubygem-rdoc-6.5.0-142.oe2403.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:rubygem-rdoc-6.5.0-142.oe2403.noarch", + "name":"rubygem-rdoc-6.5.0-142.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"ruby-help-3.2.2-142.oe2403.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:ruby-help-3.2.2-142.oe2403.noarch", + "name":"ruby-help-3.2.2-142.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"rubygem-rss-0.2.9-142.oe2403.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:rubygem-rss-0.2.9-142.oe2403.noarch", + "name":"rubygem-rss-0.2.9-142.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"rubygem-typeprof-0.21.3-142.oe2403.noarch.rpm", + "full_product_name":{ + 
"product_id":"openEuler-24.03-LTS:rubygem-typeprof-0.21.3-142.oe2403.noarch", + "name":"rubygem-typeprof-0.21.3-142.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"ruby-3.2.2-142.oe2403.src.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:ruby-3.2.2-142.oe2403.src", + "name":"ruby-3.2.2-142.oe2403.src as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"rubygem-rbs-2.8.2-142.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:rubygem-rbs-2.8.2-142.oe2403.x86_64", + "name":"rubygem-rbs-2.8.2-142.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"rubygem-json-2.6.3-142.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:rubygem-json-2.6.3-142.oe2403.x86_64", + "name":"rubygem-json-2.6.3-142.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"ruby-3.2.2-142.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:ruby-3.2.2-142.oe2403.x86_64", + "name":"ruby-3.2.2-142.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"rubygem-openssl-3.1.0-142.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:rubygem-openssl-3.1.0-142.oe2403.x86_64", + "name":"rubygem-openssl-3.1.0-142.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"ruby-debuginfo-3.2.2-142.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:ruby-debuginfo-3.2.2-142.oe2403.x86_64", + "name":"ruby-debuginfo-3.2.2-142.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"ruby-bundled-gems-3.2.2-142.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:ruby-bundled-gems-3.2.2-142.oe2403.x86_64", + "name":"ruby-bundled-gems-3.2.2-142.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"rubygem-io-console-0.6.0-142.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:rubygem-io-console-0.6.0-142.oe2403.x86_64", + "name":"rubygem-io-console-0.6.0-142.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"ruby-debugsource-3.2.2-142.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:ruby-debugsource-3.2.2-142.oe2403.x86_64", + "name":"ruby-debugsource-3.2.2-142.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"ruby-devel-3.2.2-142.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:ruby-devel-3.2.2-142.oe2403.x86_64", + "name":"ruby-devel-3.2.2-142.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"rubygem-psych-5.0.1-142.oe2403.x86_64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-24.03-LTS:rubygem-psych-5.0.1-142.oe2403.x86_64", + "name":"rubygem-psych-5.0.1-142.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"rubygem-bigdecimal-3.1.3-142.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:rubygem-bigdecimal-3.1.3-142.oe2403.x86_64", + "name":"rubygem-bigdecimal-3.1.3-142.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-35221", + "notes":[ + { + "text":"Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.from_yaml. from_yaml makes use of SafeYAML.load which allows YAML aliases inside the YAML-based metadata of a gem. YAML aliases allow for Denial of Service attacks with so-called `YAML-bombs` (comparable to Billion laughs attacks). This was patched. There is is no action required by users. 
This issue is also tracked as GHSL-2024-001 and was discovered by the GitHub security lab.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:rubygem-bigdecimal-3.1.3-142.oe2403.aarch64", + "openEuler-24.03-LTS:rubygem-json-2.6.3-142.oe2403.aarch64", + "openEuler-24.03-LTS:ruby-3.2.2-142.oe2403.aarch64", + "openEuler-24.03-LTS:ruby-debugsource-3.2.2-142.oe2403.aarch64", + "openEuler-24.03-LTS:rubygem-io-console-0.6.0-142.oe2403.aarch64", + "openEuler-24.03-LTS:ruby-devel-3.2.2-142.oe2403.aarch64", + "openEuler-24.03-LTS:ruby-bundled-gems-3.2.2-142.oe2403.aarch64", + "openEuler-24.03-LTS:rubygem-psych-5.0.1-142.oe2403.aarch64", + "openEuler-24.03-LTS:ruby-debuginfo-3.2.2-142.oe2403.aarch64", + "openEuler-24.03-LTS:rubygem-openssl-3.1.0-142.oe2403.aarch64", + "openEuler-24.03-LTS:rubygem-rbs-2.8.2-142.oe2403.aarch64", + "openEuler-24.03-LTS:rubygem-did_you_mean-1.6.3-142.oe2403.noarch", + "openEuler-24.03-LTS:rubygem-rexml-3.2.5-142.oe2403.noarch", + "openEuler-24.03-LTS:rubygem-test-unit-3.5.7-142.oe2403.noarch", + "openEuler-24.03-LTS:ruby-irb-3.2.2-142.oe2403.noarch", + "openEuler-24.03-LTS:rubygem-minitest-5.16.3-142.oe2403.noarch", + "openEuler-24.03-LTS:rubygems-3.4.10-142.oe2403.noarch", + "openEuler-24.03-LTS:rubygems-devel-3.4.10-142.oe2403.noarch", + "openEuler-24.03-LTS:rubygem-rake-13.0.6-142.oe2403.noarch", + "openEuler-24.03-LTS:rubygem-rdoc-6.5.0-142.oe2403.noarch", + "openEuler-24.03-LTS:ruby-help-3.2.2-142.oe2403.noarch", + "openEuler-24.03-LTS:rubygem-rss-0.2.9-142.oe2403.noarch", + "openEuler-24.03-LTS:rubygem-typeprof-0.21.3-142.oe2403.noarch", + "openEuler-24.03-LTS:ruby-3.2.2-142.oe2403.src", + "openEuler-24.03-LTS:rubygem-rbs-2.8.2-142.oe2403.x86_64", + "openEuler-24.03-LTS:rubygem-json-2.6.3-142.oe2403.x86_64", + "openEuler-24.03-LTS:ruby-3.2.2-142.oe2403.x86_64", + "openEuler-24.03-LTS:rubygem-openssl-3.1.0-142.oe2403.x86_64", + 
"openEuler-24.03-LTS:ruby-debuginfo-3.2.2-142.oe2403.x86_64", + "openEuler-24.03-LTS:ruby-bundled-gems-3.2.2-142.oe2403.x86_64", + "openEuler-24.03-LTS:rubygem-io-console-0.6.0-142.oe2403.x86_64", + "openEuler-24.03-LTS:ruby-debugsource-3.2.2-142.oe2403.x86_64", + "openEuler-24.03-LTS:ruby-devel-3.2.2-142.oe2403.x86_64", + "openEuler-24.03-LTS:rubygem-psych-5.0.1-142.oe2403.x86_64", + "openEuler-24.03-LTS:rubygem-bigdecimal-3.1.3-142.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:rubygem-bigdecimal-3.1.3-142.oe2403.aarch64", + "openEuler-24.03-LTS:rubygem-json-2.6.3-142.oe2403.aarch64", + "openEuler-24.03-LTS:ruby-3.2.2-142.oe2403.aarch64", + "openEuler-24.03-LTS:ruby-debugsource-3.2.2-142.oe2403.aarch64", + "openEuler-24.03-LTS:rubygem-io-console-0.6.0-142.oe2403.aarch64", + "openEuler-24.03-LTS:ruby-devel-3.2.2-142.oe2403.aarch64", + "openEuler-24.03-LTS:ruby-bundled-gems-3.2.2-142.oe2403.aarch64", + "openEuler-24.03-LTS:rubygem-psych-5.0.1-142.oe2403.aarch64", + "openEuler-24.03-LTS:ruby-debuginfo-3.2.2-142.oe2403.aarch64", + "openEuler-24.03-LTS:rubygem-openssl-3.1.0-142.oe2403.aarch64", + "openEuler-24.03-LTS:rubygem-rbs-2.8.2-142.oe2403.aarch64", + "openEuler-24.03-LTS:rubygem-did_you_mean-1.6.3-142.oe2403.noarch", + "openEuler-24.03-LTS:rubygem-rexml-3.2.5-142.oe2403.noarch", + "openEuler-24.03-LTS:rubygem-test-unit-3.5.7-142.oe2403.noarch", + "openEuler-24.03-LTS:ruby-irb-3.2.2-142.oe2403.noarch", + "openEuler-24.03-LTS:rubygem-minitest-5.16.3-142.oe2403.noarch", + "openEuler-24.03-LTS:rubygems-3.4.10-142.oe2403.noarch", + "openEuler-24.03-LTS:rubygems-devel-3.4.10-142.oe2403.noarch", + "openEuler-24.03-LTS:rubygem-rake-13.0.6-142.oe2403.noarch", + "openEuler-24.03-LTS:rubygem-rdoc-6.5.0-142.oe2403.noarch", + "openEuler-24.03-LTS:ruby-help-3.2.2-142.oe2403.noarch", + "openEuler-24.03-LTS:rubygem-rss-0.2.9-142.oe2403.noarch", + "openEuler-24.03-LTS:rubygem-typeprof-0.21.3-142.oe2403.noarch", + 
"openEuler-24.03-LTS:ruby-3.2.2-142.oe2403.src", + "openEuler-24.03-LTS:rubygem-rbs-2.8.2-142.oe2403.x86_64", + "openEuler-24.03-LTS:rubygem-json-2.6.3-142.oe2403.x86_64", + "openEuler-24.03-LTS:ruby-3.2.2-142.oe2403.x86_64", + "openEuler-24.03-LTS:rubygem-openssl-3.1.0-142.oe2403.x86_64", + "openEuler-24.03-LTS:ruby-debuginfo-3.2.2-142.oe2403.x86_64", + "openEuler-24.03-LTS:ruby-bundled-gems-3.2.2-142.oe2403.x86_64", + "openEuler-24.03-LTS:rubygem-io-console-0.6.0-142.oe2403.x86_64", + "openEuler-24.03-LTS:ruby-debugsource-3.2.2-142.oe2403.x86_64", + "openEuler-24.03-LTS:ruby-devel-3.2.2-142.oe2403.x86_64", + "openEuler-24.03-LTS:rubygem-psych-5.0.1-142.oe2403.x86_64", + "openEuler-24.03-LTS:rubygem-bigdecimal-3.1.3-142.oe2403.x86_64" + ], + "details":"ruby security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1938" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.3, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:rubygem-bigdecimal-3.1.3-142.oe2403.aarch64", + "openEuler-24.03-LTS:rubygem-json-2.6.3-142.oe2403.aarch64", + "openEuler-24.03-LTS:ruby-3.2.2-142.oe2403.aarch64", + "openEuler-24.03-LTS:ruby-debugsource-3.2.2-142.oe2403.aarch64", + "openEuler-24.03-LTS:rubygem-io-console-0.6.0-142.oe2403.aarch64", + "openEuler-24.03-LTS:ruby-devel-3.2.2-142.oe2403.aarch64", + "openEuler-24.03-LTS:ruby-bundled-gems-3.2.2-142.oe2403.aarch64", + "openEuler-24.03-LTS:rubygem-psych-5.0.1-142.oe2403.aarch64", + "openEuler-24.03-LTS:ruby-debuginfo-3.2.2-142.oe2403.aarch64", + "openEuler-24.03-LTS:rubygem-openssl-3.1.0-142.oe2403.aarch64", + "openEuler-24.03-LTS:rubygem-rbs-2.8.2-142.oe2403.aarch64", + "openEuler-24.03-LTS:rubygem-did_you_mean-1.6.3-142.oe2403.noarch", + "openEuler-24.03-LTS:rubygem-rexml-3.2.5-142.oe2403.noarch", + 
"openEuler-24.03-LTS:rubygem-test-unit-3.5.7-142.oe2403.noarch", + "openEuler-24.03-LTS:ruby-irb-3.2.2-142.oe2403.noarch", + "openEuler-24.03-LTS:rubygem-minitest-5.16.3-142.oe2403.noarch", + "openEuler-24.03-LTS:rubygems-3.4.10-142.oe2403.noarch", + "openEuler-24.03-LTS:rubygems-devel-3.4.10-142.oe2403.noarch", + "openEuler-24.03-LTS:rubygem-rake-13.0.6-142.oe2403.noarch", + "openEuler-24.03-LTS:rubygem-rdoc-6.5.0-142.oe2403.noarch", + "openEuler-24.03-LTS:ruby-help-3.2.2-142.oe2403.noarch", + "openEuler-24.03-LTS:rubygem-rss-0.2.9-142.oe2403.noarch", + "openEuler-24.03-LTS:rubygem-typeprof-0.21.3-142.oe2403.noarch", + "openEuler-24.03-LTS:ruby-3.2.2-142.oe2403.src", + "openEuler-24.03-LTS:rubygem-rbs-2.8.2-142.oe2403.x86_64", + "openEuler-24.03-LTS:rubygem-json-2.6.3-142.oe2403.x86_64", + "openEuler-24.03-LTS:ruby-3.2.2-142.oe2403.x86_64", + "openEuler-24.03-LTS:rubygem-openssl-3.1.0-142.oe2403.x86_64", + "openEuler-24.03-LTS:ruby-debuginfo-3.2.2-142.oe2403.x86_64", + "openEuler-24.03-LTS:ruby-bundled-gems-3.2.2-142.oe2403.x86_64", + "openEuler-24.03-LTS:rubygem-io-console-0.6.0-142.oe2403.x86_64", + "openEuler-24.03-LTS:ruby-debugsource-3.2.2-142.oe2403.x86_64", + "openEuler-24.03-LTS:ruby-devel-3.2.2-142.oe2403.x86_64", + "openEuler-24.03-LTS:rubygem-psych-5.0.1-142.oe2403.x86_64", + "openEuler-24.03-LTS:rubygem-bigdecimal-3.1.3-142.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-35221" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1939.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1939.json new file mode 100644 index 0000000..1629b2a --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1939.json 
@@ -0,0 +1,429 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"firefox security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for firefox is now available for openEuler-24.03-LTS.", + "category":"general", + "title":"Summary" + }, + { + "text":"Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions.\n\nSecurity Fix(es):\n\nIf a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.(CVE-2024-5688)\n\nA mismatch between allocator and deallocator could have lead to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.(CVE-2024-6602)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for firefox is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of high. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"firefox", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1939", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1939" + }, + { + "summary":"CVE-2024-5688", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-5688&packageName=firefox" + }, + { + "summary":"CVE-2024-6602", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-6602&packageName=firefox" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-5688" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6602" + }, + { + "summary":"openEuler-SA-2024-1939 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1939.json" + } + ], + "title":"An update for firefox is now available for openEuler-24.03-LTS", + "tracking":{ + "initial_release_date":"2024-08-02T19:42:17+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:42:17+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:31:17+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:31:17+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + 
"current_release_date":"2024-08-05T11:31:17+08:00", + "id":"openEuler-SA-2024-1939", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openEuler-24.03-LTS", + "name":"openEuler-24.03-LTS" + }, + "name":"openEuler-24.03-LTS", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"firefox-debugsource-115.13.0-1.oe2403.aarch64.rpm", + "name":"firefox-debugsource-115.13.0-1.oe2403.aarch64.rpm" + }, + "name":"firefox-debugsource-115.13.0-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"firefox-debuginfo-115.13.0-1.oe2403.aarch64.rpm", + "name":"firefox-debuginfo-115.13.0-1.oe2403.aarch64.rpm" + }, + "name":"firefox-debuginfo-115.13.0-1.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"firefox-115.13.0-1.oe2403.aarch64.rpm", + "name":"firefox-115.13.0-1.oe2403.aarch64.rpm" + }, + "name":"firefox-115.13.0-1.oe2403.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"firefox-115.13.0-1.oe2403.src.rpm", + "name":"firefox-115.13.0-1.oe2403.src.rpm" + }, + "name":"firefox-115.13.0-1.oe2403.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + 
"branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"firefox-debugsource-115.13.0-1.oe2403.x86_64.rpm", + "name":"firefox-debugsource-115.13.0-1.oe2403.x86_64.rpm" + }, + "name":"firefox-debugsource-115.13.0-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"firefox-debuginfo-115.13.0-1.oe2403.x86_64.rpm", + "name":"firefox-debuginfo-115.13.0-1.oe2403.x86_64.rpm" + }, + "name":"firefox-debuginfo-115.13.0-1.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"firefox-115.13.0-1.oe2403.x86_64.rpm", + "name":"firefox-115.13.0-1.oe2403.x86_64.rpm" + }, + "name":"firefox-115.13.0-1.oe2403.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"firefox-debugsource-115.13.0-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:firefox-debugsource-115.13.0-1.oe2403.aarch64", + "name":"firefox-debugsource-115.13.0-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"firefox-debuginfo-115.13.0-1.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:firefox-debuginfo-115.13.0-1.oe2403.aarch64", + "name":"firefox-debuginfo-115.13.0-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"firefox-115.13.0-1.oe2403.aarch64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-24.03-LTS:firefox-115.13.0-1.oe2403.aarch64", + "name":"firefox-115.13.0-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"firefox-115.13.0-1.oe2403.src.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:firefox-115.13.0-1.oe2403.src", + "name":"firefox-115.13.0-1.oe2403.src as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"firefox-debugsource-115.13.0-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:firefox-debugsource-115.13.0-1.oe2403.x86_64", + "name":"firefox-debugsource-115.13.0-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"firefox-debuginfo-115.13.0-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:firefox-debuginfo-115.13.0-1.oe2403.x86_64", + "name":"firefox-debuginfo-115.13.0-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"firefox-115.13.0-1.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:firefox-115.13.0-1.oe2403.x86_64", + "name":"firefox-115.13.0-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-5688", + "notes":[ + { + "text":"If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. 
This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:firefox-debugsource-115.13.0-1.oe2403.aarch64", + "openEuler-24.03-LTS:firefox-debuginfo-115.13.0-1.oe2403.aarch64", + "openEuler-24.03-LTS:firefox-115.13.0-1.oe2403.aarch64", + "openEuler-24.03-LTS:firefox-115.13.0-1.oe2403.src", + "openEuler-24.03-LTS:firefox-debugsource-115.13.0-1.oe2403.x86_64", + "openEuler-24.03-LTS:firefox-debuginfo-115.13.0-1.oe2403.x86_64", + "openEuler-24.03-LTS:firefox-115.13.0-1.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:firefox-debugsource-115.13.0-1.oe2403.aarch64", + "openEuler-24.03-LTS:firefox-debuginfo-115.13.0-1.oe2403.aarch64", + "openEuler-24.03-LTS:firefox-115.13.0-1.oe2403.aarch64", + "openEuler-24.03-LTS:firefox-115.13.0-1.oe2403.src", + "openEuler-24.03-LTS:firefox-debugsource-115.13.0-1.oe2403.x86_64", + "openEuler-24.03-LTS:firefox-debuginfo-115.13.0-1.oe2403.x86_64", + "openEuler-24.03-LTS:firefox-115.13.0-1.oe2403.x86_64" + ], + "details":"firefox security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1939" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.5, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:firefox-debugsource-115.13.0-1.oe2403.aarch64", + "openEuler-24.03-LTS:firefox-debuginfo-115.13.0-1.oe2403.aarch64", + "openEuler-24.03-LTS:firefox-115.13.0-1.oe2403.aarch64", + "openEuler-24.03-LTS:firefox-115.13.0-1.oe2403.src", + "openEuler-24.03-LTS:firefox-debugsource-115.13.0-1.oe2403.x86_64", + "openEuler-24.03-LTS:firefox-debuginfo-115.13.0-1.oe2403.x86_64", + "openEuler-24.03-LTS:firefox-115.13.0-1.oe2403.x86_64" + ] + } + ], + "threats":[ + { + 
"details":"High", + "category":"impact" + } + ], + "title":"CVE-2024-5688" + }, + { + "cve":"CVE-2024-6602", + "notes":[ + { + "text":"A mismatch between allocator and deallocator could have lead to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:firefox-debugsource-115.13.0-1.oe2403.aarch64", + "openEuler-24.03-LTS:firefox-debuginfo-115.13.0-1.oe2403.aarch64", + "openEuler-24.03-LTS:firefox-115.13.0-1.oe2403.aarch64", + "openEuler-24.03-LTS:firefox-115.13.0-1.oe2403.src", + "openEuler-24.03-LTS:firefox-debugsource-115.13.0-1.oe2403.x86_64", + "openEuler-24.03-LTS:firefox-debuginfo-115.13.0-1.oe2403.x86_64", + "openEuler-24.03-LTS:firefox-115.13.0-1.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:firefox-debugsource-115.13.0-1.oe2403.aarch64", + "openEuler-24.03-LTS:firefox-debuginfo-115.13.0-1.oe2403.aarch64", + "openEuler-24.03-LTS:firefox-115.13.0-1.oe2403.aarch64", + "openEuler-24.03-LTS:firefox-115.13.0-1.oe2403.src", + "openEuler-24.03-LTS:firefox-debugsource-115.13.0-1.oe2403.x86_64", + "openEuler-24.03-LTS:firefox-debuginfo-115.13.0-1.oe2403.x86_64", + "openEuler-24.03-LTS:firefox-115.13.0-1.oe2403.x86_64" + ], + "details":"firefox security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1939" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.1, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:firefox-debugsource-115.13.0-1.oe2403.aarch64", + "openEuler-24.03-LTS:firefox-debuginfo-115.13.0-1.oe2403.aarch64", + "openEuler-24.03-LTS:firefox-115.13.0-1.oe2403.aarch64", + "openEuler-24.03-LTS:firefox-115.13.0-1.oe2403.src", 
+ "openEuler-24.03-LTS:firefox-debugsource-115.13.0-1.oe2403.x86_64", + "openEuler-24.03-LTS:firefox-debuginfo-115.13.0-1.oe2403.x86_64", + "openEuler-24.03-LTS:firefox-115.13.0-1.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-6602" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1940.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1940.json new file mode 100644 index 0000000..1026227 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1940.json 
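Review bot: The TLP reference in `document.distribution.tlp` is written as `"url":"https:/www.first.org/tlp/"`, with a single slash after the scheme, so it does not point at FIRST's TLP page; it should read `"url":"https://www.first.org/tlp/"`, and the same value appears in the csaf-openEuler-SA-2024-1940.json hunk that follows. Every package branch under `product_tree` also carries the distribution-level `cpe:/a:openEuler:openEuler:24.03-LTS` as its `product_identification_helper`, so a consumer matching on CPE cannot tell the firefox packages apart from the `openEuler-24.03-LTS` product itself; the helper probably belongs only on that product, or each package needs its own identifier. For CVE-2024-6602 the note describes memory corruption while the vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N` claims changed scope and no availability impact, which looks inconsistent and is worth checking against the upstream record before anyone prioritises on the 6.1 score. The `generator` field names a CSAF tool, so these are presumably better fixed in that tool than by hand in each advisory.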
@@ -0,0 +1,669 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"python3 security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for python3 is now available for openEuler-24.03-LTS.", + "category":"general", + "title":"Summary" + }, + { + "text":"Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C++ (or other languages, depending on the chosen implementation). Python is also usable as an extension language for applications written in other languages that need easy-to-use scripting or automation interfaces.\n\nSecurity Fix(es):\n\nA defect was discovered in the Python “ssl” module where there is a memory\nrace condition with the ssl.SSLContext methods “cert_store_stats()” and\n“get_ca_certs()”. The race condition can be triggered if the methods are\ncalled at the same time as certificates are loaded into the SSLContext,\nsuch as during the TLS handshake with a certificate directory configured.\nThis issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.(CVE-2024-0397)\n\nThe “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. 
This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.\n\nCPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.(CVE-2024-4032)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for python3 is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"python3", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1940", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1940" + }, + { + "summary":"CVE-2024-0397", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-0397&packageName=python3" + }, + { + "summary":"CVE-2024-4032", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-4032&packageName=python3" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-0397" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4032" + }, + { + 
"summary":"openEuler-SA-2024-1940 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1940.json" + } + ], + "title":"An update for python3 is now available for openEuler-24.03-LTS", + "tracking":{ + "initial_release_date":"2024-08-02T19:42:19+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:42:19+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:31:19+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:31:19+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:31:19+08:00", + "id":"openEuler-SA-2024-1940", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openEuler-24.03-LTS", + "name":"openEuler-24.03-LTS" + }, + "name":"openEuler-24.03-LTS", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-devel-3.11.6-4.oe2403.aarch64.rpm", + "name":"python3-devel-3.11.6-4.oe2403.aarch64.rpm" + }, + "name":"python3-devel-3.11.6-4.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-debuginfo-3.11.6-4.oe2403.aarch64.rpm", + "name":"python3-debuginfo-3.11.6-4.oe2403.aarch64.rpm" + }, + "name":"python3-debuginfo-3.11.6-4.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + 
"product_id":"python3-unversioned-command-3.11.6-4.oe2403.aarch64.rpm", + "name":"python3-unversioned-command-3.11.6-4.oe2403.aarch64.rpm" + }, + "name":"python3-unversioned-command-3.11.6-4.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-debugsource-3.11.6-4.oe2403.aarch64.rpm", + "name":"python3-debugsource-3.11.6-4.oe2403.aarch64.rpm" + }, + "name":"python3-debugsource-3.11.6-4.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-tkinter-3.11.6-4.oe2403.aarch64.rpm", + "name":"python3-tkinter-3.11.6-4.oe2403.aarch64.rpm" + }, + "name":"python3-tkinter-3.11.6-4.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-debug-3.11.6-4.oe2403.aarch64.rpm", + "name":"python3-debug-3.11.6-4.oe2403.aarch64.rpm" + }, + "name":"python3-debug-3.11.6-4.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-3.11.6-4.oe2403.aarch64.rpm", + "name":"python3-3.11.6-4.oe2403.aarch64.rpm" + }, + "name":"python3-3.11.6-4.oe2403.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"noarch", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-help-3.11.6-4.oe2403.noarch.rpm", + "name":"python3-help-3.11.6-4.oe2403.noarch.rpm" + }, + "name":"python3-help-3.11.6-4.oe2403.noarch.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + 
"product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-3.11.6-4.oe2403.src.rpm", + "name":"python3-3.11.6-4.oe2403.src.rpm" + }, + "name":"python3-3.11.6-4.oe2403.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-unversioned-command-3.11.6-4.oe2403.x86_64.rpm", + "name":"python3-unversioned-command-3.11.6-4.oe2403.x86_64.rpm" + }, + "name":"python3-unversioned-command-3.11.6-4.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-debuginfo-3.11.6-4.oe2403.x86_64.rpm", + "name":"python3-debuginfo-3.11.6-4.oe2403.x86_64.rpm" + }, + "name":"python3-debuginfo-3.11.6-4.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-debugsource-3.11.6-4.oe2403.x86_64.rpm", + "name":"python3-debugsource-3.11.6-4.oe2403.x86_64.rpm" + }, + "name":"python3-debugsource-3.11.6-4.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-tkinter-3.11.6-4.oe2403.x86_64.rpm", + "name":"python3-tkinter-3.11.6-4.oe2403.x86_64.rpm" + }, + "name":"python3-tkinter-3.11.6-4.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-devel-3.11.6-4.oe2403.x86_64.rpm", + "name":"python3-devel-3.11.6-4.oe2403.x86_64.rpm" + }, + "name":"python3-devel-3.11.6-4.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + 
"product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-debug-3.11.6-4.oe2403.x86_64.rpm", + "name":"python3-debug-3.11.6-4.oe2403.x86_64.rpm" + }, + "name":"python3-debug-3.11.6-4.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-3.11.6-4.oe2403.x86_64.rpm", + "name":"python3-3.11.6-4.oe2403.x86_64.rpm" + }, + "name":"python3-3.11.6-4.oe2403.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-devel-3.11.6-4.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-devel-3.11.6-4.oe2403.aarch64", + "name":"python3-devel-3.11.6-4.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-debuginfo-3.11.6-4.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-debuginfo-3.11.6-4.oe2403.aarch64", + "name":"python3-debuginfo-3.11.6-4.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-unversioned-command-3.11.6-4.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-unversioned-command-3.11.6-4.oe2403.aarch64", + "name":"python3-unversioned-command-3.11.6-4.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-debugsource-3.11.6-4.oe2403.aarch64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-24.03-LTS:python3-debugsource-3.11.6-4.oe2403.aarch64", + "name":"python3-debugsource-3.11.6-4.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-tkinter-3.11.6-4.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-tkinter-3.11.6-4.oe2403.aarch64", + "name":"python3-tkinter-3.11.6-4.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-debug-3.11.6-4.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-debug-3.11.6-4.oe2403.aarch64", + "name":"python3-debug-3.11.6-4.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-3.11.6-4.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-3.11.6-4.oe2403.aarch64", + "name":"python3-3.11.6-4.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-help-3.11.6-4.oe2403.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-help-3.11.6-4.oe2403.noarch", + "name":"python3-help-3.11.6-4.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-3.11.6-4.oe2403.src.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-3.11.6-4.oe2403.src", + "name":"python3-3.11.6-4.oe2403.src as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-unversioned-command-3.11.6-4.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-unversioned-command-3.11.6-4.oe2403.x86_64", + "name":"python3-unversioned-command-3.11.6-4.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-debuginfo-3.11.6-4.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-debuginfo-3.11.6-4.oe2403.x86_64", + "name":"python3-debuginfo-3.11.6-4.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-debugsource-3.11.6-4.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-debugsource-3.11.6-4.oe2403.x86_64", + "name":"python3-debugsource-3.11.6-4.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-tkinter-3.11.6-4.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-tkinter-3.11.6-4.oe2403.x86_64", + "name":"python3-tkinter-3.11.6-4.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-devel-3.11.6-4.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-devel-3.11.6-4.oe2403.x86_64", + "name":"python3-devel-3.11.6-4.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-debug-3.11.6-4.oe2403.x86_64.rpm", + 
"full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-debug-3.11.6-4.oe2403.x86_64", + "name":"python3-debug-3.11.6-4.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-3.11.6-4.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-3.11.6-4.oe2403.x86_64", + "name":"python3-3.11.6-4.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-0397", + "notes":[ + { + "text":"A defect was discovered in the Python “ssl” module where there is a memoryrace condition with the ssl.SSLContext methods “cert_store_stats()” and“get_ca_certs()”. The race condition can be triggered if the methods arecalled at the same time as certificates are loaded into the SSLContext,such as during the TLS handshake with a certificate directory configured.This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:python3-devel-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-debuginfo-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-unversioned-command-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-debugsource-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-tkinter-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-debug-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-help-3.11.6-4.oe2403.noarch", + "openEuler-24.03-LTS:python3-3.11.6-4.oe2403.src", + "openEuler-24.03-LTS:python3-unversioned-command-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-debuginfo-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-debugsource-3.11.6-4.oe2403.x86_64", + 
"openEuler-24.03-LTS:python3-tkinter-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-devel-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-debug-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-3.11.6-4.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:python3-devel-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-debuginfo-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-unversioned-command-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-debugsource-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-tkinter-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-debug-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-help-3.11.6-4.oe2403.noarch", + "openEuler-24.03-LTS:python3-3.11.6-4.oe2403.src", + "openEuler-24.03-LTS:python3-unversioned-command-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-debuginfo-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-debugsource-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-tkinter-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-devel-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-debug-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-3.11.6-4.oe2403.x86_64" + ], + "details":"python3 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1940" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.4, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:python3-devel-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-debuginfo-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-unversioned-command-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-debugsource-3.11.6-4.oe2403.aarch64", + 
"openEuler-24.03-LTS:python3-tkinter-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-debug-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-help-3.11.6-4.oe2403.noarch", + "openEuler-24.03-LTS:python3-3.11.6-4.oe2403.src", + "openEuler-24.03-LTS:python3-unversioned-command-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-debuginfo-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-debugsource-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-tkinter-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-devel-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-debug-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-3.11.6-4.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2024-0397" + }, + { + "cve":"CVE-2024-4032", + "notes":[ + { + "text":"The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. 
This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.\n\nCPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:python3-devel-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-debuginfo-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-unversioned-command-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-debugsource-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-tkinter-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-debug-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-help-3.11.6-4.oe2403.noarch", + "openEuler-24.03-LTS:python3-3.11.6-4.oe2403.src", + "openEuler-24.03-LTS:python3-unversioned-command-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-debuginfo-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-debugsource-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-tkinter-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-devel-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-debug-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-3.11.6-4.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:python3-devel-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-debuginfo-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-unversioned-command-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-debugsource-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-tkinter-3.11.6-4.oe2403.aarch64", + 
"openEuler-24.03-LTS:python3-debug-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-help-3.11.6-4.oe2403.noarch", + "openEuler-24.03-LTS:python3-3.11.6-4.oe2403.src", + "openEuler-24.03-LTS:python3-unversioned-command-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-debuginfo-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-debugsource-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-tkinter-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-devel-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-debug-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-3.11.6-4.oe2403.x86_64" + ], + "details":"python3 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1940" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.4, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:python3-devel-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-debuginfo-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-unversioned-command-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-debugsource-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-tkinter-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-debug-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-3.11.6-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-help-3.11.6-4.oe2403.noarch", + "openEuler-24.03-LTS:python3-3.11.6-4.oe2403.src", + "openEuler-24.03-LTS:python3-unversioned-command-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-debuginfo-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-debugsource-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-tkinter-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-devel-3.11.6-4.oe2403.x86_64", + 
"openEuler-24.03-LTS:python3-debug-3.11.6-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-3.11.6-4.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2024-4032" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1941.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1941.json new file mode 100644 index 0000000..8735bee --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1941.json 
@@ -0,0 +1,5471 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"kernel security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for kernel is now available for openEuler-22.03-LTS-SP1.", + "category":"general", + "title":"Summary" + }, + { + "text":"The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nclk: sunxi-ng: Unregister clocks/resets when unbinding\n\nCurrently, unbinding a CCU driver unmaps the device's MMIO region, while\nleaving its clocks/resets and their providers registered. This can cause\na page fault later when some clock operation tries to perform MMIO. Fix\nthis by separating the CCU initialization from the memory allocation,\nand then using a devres callback to unregister the clocks and resets.\n\nThis also fixes a memory leak of the `struct ccu_reset`, and uses the\ncorrect owner (the specific platform driver) for the clocks and resets.\n\nEarly OF clock providers are never unregistered, and limited error\nhandling is possible, so they are mostly unchanged. The error reporting\nis made more consistent by moving the message inside of_sunxi_ccu_probe.(CVE-2021-47205)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nthermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR\n\nIn some case, the GDDV returns a package with a buffer which has\nzero length. 
It causes that kmemdup() returns ZERO_SIZE_PTR (0x10).\n\nThen the data_vault_read() got NULL point dereference problem when\naccessing the 0x10 value in data_vault.\n\n[ 71.024560] BUG: kernel NULL pointer dereference, address:\n0000000000000010\n\nThis patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR or\nNULL value in data_vault.(CVE-2022-48703)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: Avoid overwriting the copies of clcsock callback functions\n\nThe callback functions of clcsock will be saved and replaced during\nthe fallback. But if the fallback happens more than once, then the\ncopies of these callback functions will be overwritten incorrectly,\nresulting in a loop call issue:\n\nclcsk->sk_error_report\n |- smc_fback_error_report() <------------------------------|\n |- smc_fback_forward_wakeup() | (loop)\n |- clcsock_callback() (incorrectly overwritten) |\n |- smc->clcsk_error_report() ------------------|\n\nSo this patch fixes the issue by saving these function pointers only\nonce in the fallback and avoiding overwriting.(CVE-2022-48780)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr\n\nThis node pointer is returned by of_find_compatible_node() with\nrefcount incremented. Calling of_node_put() to aovid the refcount leak.(CVE-2022-48859)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nof: Fix double free in of_parse_phandle_with_args_map\n\nIn of_parse_phandle_with_args_map() the inner loop that\niterates through the map entries calls of_node_put(new)\nto free the reference acquired by the previous iteration\nof the inner loop. 
This assumes that the value of \"new\" is\nNULL on the first iteration of the inner loop.\n\nMake sure that this is true in all iterations of the outer\nloop by setting \"new\" to NULL after its value is assigned to \"cur\".\n\nExtend the unittest to detect the double free and add an additional\ntest case that actually triggers this path.(CVE-2023-52679)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: do not free live element\n\nPablo reports a crash with large batches of elements with a\nback-to-back add/remove pattern. Quoting Pablo:\n\n add_elem(\"00000000\") timeout 100 ms\n ...\n add_elem(\"0000000X\") timeout 100 ms\n del_elem(\"0000000X\") <---------------- delete one that was just added\n ...\n add_elem(\"00005000\") timeout 100 ms\n\n 1) nft_pipapo_remove() removes element 0000000X\n Then, KASAN shows a splat.\n\nLooking at the remove function there is a chance that we will drop a\nrule that maps to a non-deactivated element.\n\nRemoval happens in two steps, first we do a lookup for key k and return the\nto-be-removed element and mark it as inactive in the next generation.\nThen, in a second step, the element gets removed from the set/map.\n\nThe _remove function does not work correctly if we have more than one\nelement that share the same key.\n\nThis can happen if we insert an element into a set when the set already\nholds an element with same key, but the element mapping to the existing\nkey has timed out or is not active in the next generation.\n\nIn such case its possible that removal will unmap the wrong element.\nIf this happens, we will leak the non-deactivated element, it becomes\nunreachable.\n\nThe element that got deactivated (and will be freed later) will\nremain reachable in the set data structure, this can result in\na crash when such an element is retrieved during lookup (stale\npointer).\n\nAdd a check that the fully matching key does in fact map to the element\nthat we have marked as 
inactive in the deactivation step.\nIf not, we need to continue searching.\n\nAdd a bug/warn trap at the end of the function as well, the remove\nfunction must not ever be called with an invisible/unreachable/non-existent\nelement.\n\nv2: avoid uneeded temporary variable (Stefano)(CVE-2024-26924)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: release mutex after nft_gc_seq_end from abort path\n\nThe commit mutex should not be released during the critical section\nbetween nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC\nworker could collect expired objects and get the released commit lock\nwithin the same GC sequence.\n\nnf_tables_module_autoload() temporarily releases the mutex to load\nmodule dependencies, then it goes back to replay the transaction again.\nMove it at the end of the abort phase after nft_gc_seq_end() is called.(CVE-2024-26925)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Fix mirred deadlock on device recursion\n\nWhen the mirred action is used on a classful egress qdisc and a packet is\nmirrored or redirected to self we hit a qdisc lock deadlock.\nSee trace below.\n\n[..... 
other info removed for brevity....]\n[ 82.890906]\n[ 82.890906] ============================================\n[ 82.890906] WARNING: possible recursive locking detected\n[ 82.890906] 6.8.0-05205-g77fadd89fe2d-dirty #213 Tainted: G W\n[ 82.890906] --------------------------------------------\n[ 82.890906] ping/418 is trying to acquire lock:\n[ 82.890906] ffff888006994110 (&sch->q.lock){+.-.}-{3:3}, at:\n__dev_queue_xmit+0x1778/0x3550\n[ 82.890906]\n[ 82.890906] but task is already holding lock:\n[ 82.890906] ffff888006994110 (&sch->q.lock){+.-.}-{3:3}, at:\n__dev_queue_xmit+0x1778/0x3550\n[ 82.890906]\n[ 82.890906] other info that might help us debug this:\n[ 82.890906] Possible unsafe locking scenario:\n[ 82.890906]\n[ 82.890906] CPU0\n[ 82.890906] ----\n[ 82.890906] lock(&sch->q.lock);\n[ 82.890906] lock(&sch->q.lock);\n[ 82.890906]\n[ 82.890906] *** DEADLOCK ***\n[ 82.890906]\n[..... other info removed for brevity....]\n\nExample setup (eth0->eth0) to recreate\ntc qdisc add dev eth0 root handle 1: htb default 30\ntc filter add dev eth0 handle 1: protocol ip prio 2 matchall \\\n action mirred egress redirect dev eth0\n\nAnother example(eth0->eth1->eth0) to recreate\ntc qdisc add dev eth0 root handle 1: htb default 30\ntc filter add dev eth0 handle 1: protocol ip prio 2 matchall \\\n action mirred egress redirect dev eth1\n\ntc qdisc add dev eth1 root handle 1: htb default 30\ntc filter add dev eth1 handle 1: protocol ip prio 2 matchall \\\n action mirred egress redirect dev eth0\n\nWe fix this by adding an owner field (CPU id) to struct Qdisc set after\nroot qdisc is entered. 
When the softirq enters it a second time, if the\nqdisc owner is the same CPU, the packet is dropped to break the loop.(CVE-2024-27010)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndma-mapping: benchmark: fix node id validation\n\nWhile validating node ids in map_benchmark_ioctl(), node_possible() may\nbe provided with invalid argument outside of [0,MAX_NUMNODES-1] range\nleading to:\n\nBUG: KASAN: wild-memory-access in map_benchmark_ioctl (kernel/dma/map_benchmark.c:214)\nRead of size 8 at addr 1fffffff8ccb6398 by task dma_map_benchma/971\nCPU: 7 PID: 971 Comm: dma_map_benchma Not tainted 6.9.0-rc6 #37\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n \ndump_stack_lvl (lib/dump_stack.c:117)\nkasan_report (mm/kasan/report.c:603)\nkasan_check_range (mm/kasan/generic.c:189)\nvariable_test_bit (arch/x86/include/asm/bitops.h:227) [inline]\narch_test_bit (arch/x86/include/asm/bitops.h:239) [inline]\n_test_bit at (include/asm-generic/bitops/instrumented-non-atomic.h:142) [inline]\nnode_state (include/linux/nodemask.h:423) [inline]\nmap_benchmark_ioctl (kernel/dma/map_benchmark.c:214)\nfull_proxy_unlocked_ioctl (fs/debugfs/file.c:333)\n__x64_sys_ioctl (fs/ioctl.c:890)\ndo_syscall_64 (arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nCompare node ids with sane bounds first. 
NUMA_NO_NODE is considered a\nspecial valid case meaning that benchmarking kthreads won't be bound to a\ncpuset of a given node.\n\nFound by Linux Verification Center (linuxtesting.org).(CVE-2024-34777)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmd/dm-raid: don't call md_reap_sync_thread() directly\n\nCurrently md_reap_sync_thread() is called from raid_message() directly\nwithout holding 'reconfig_mutex', this is definitely unsafe because\nmd_reap_sync_thread() can change many fields that is protected by\n'reconfig_mutex'.\n\nHowever, hold 'reconfig_mutex' here is still problematic because this\nwill cause deadlock, for example, commit 130443d60b1b (\"md: refactor\nidle/frozen_sync_thread() to fix deadlock\").\n\nFix this problem by using stop_sync_thread() to unregister sync_thread,\nlike md/raid did.(CVE-2024-35808)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvpp2: clear BM pool before initialization\n\nRegister value persist after booting the kernel using\nkexec which results in kernel panic. 
Thus clear the\nBM pool registers before initialisation to fix the issue.(CVE-2024-35837)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: flush pending destroy work before exit_net release\n\nSimilar to 2c9f0293280e (\"netfilter: nf_tables: flush pending destroy\nwork before netlink notifier\") to address a race between exit_net and\nthe destroy workqueue.\n\nThe trace below shows an element to be released via destroy workqueue\nwhile exit_net path (triggered via module removal) has already released\nthe set that is used in such transaction.\n\n[ 1360.547789] BUG: KASAN: slab-use-after-free in nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables]\n[ 1360.547861] Read of size 8 at addr ffff888140500cc0 by task kworker/4:1/152465\n[ 1360.547870] CPU: 4 PID: 152465 Comm: kworker/4:1 Not tainted 6.8.0+ #359\n[ 1360.547882] Workqueue: events nf_tables_trans_destroy_work [nf_tables]\n[ 1360.547984] Call Trace:\n[ 1360.547991] \n[ 1360.547998] dump_stack_lvl+0x53/0x70\n[ 1360.548014] print_report+0xc4/0x610\n[ 1360.548026] ? __virt_addr_valid+0xba/0x160\n[ 1360.548040] ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n[ 1360.548054] ? nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables]\n[ 1360.548176] kasan_report+0xae/0xe0\n[ 1360.548189] ? nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables]\n[ 1360.548312] nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables]\n[ 1360.548447] ? __pfx_nf_tables_trans_destroy_work+0x10/0x10 [nf_tables]\n[ 1360.548577] ? _raw_spin_unlock_irq+0x18/0x30\n[ 1360.548591] process_one_work+0x2f1/0x670\n[ 1360.548610] worker_thread+0x4d3/0x760\n[ 1360.548627] ? __pfx_worker_thread+0x10/0x10\n[ 1360.548640] kthread+0x16b/0x1b0\n[ 1360.548653] ? __pfx_kthread+0x10/0x10\n[ 1360.548665] ret_from_fork+0x2f/0x50\n[ 1360.548679] ? 
__pfx_kthread+0x10/0x10\n[ 1360.548690] ret_from_fork_asm+0x1a/0x30\n[ 1360.548707] \n\n[ 1360.548719] Allocated by task 192061:\n[ 1360.548726] kasan_save_stack+0x20/0x40\n[ 1360.548739] kasan_save_track+0x14/0x30\n[ 1360.548750] __kasan_kmalloc+0x8f/0xa0\n[ 1360.548760] __kmalloc_node+0x1f1/0x450\n[ 1360.548771] nf_tables_newset+0x10c7/0x1b50 [nf_tables]\n[ 1360.548883] nfnetlink_rcv_batch+0xbc4/0xdc0 [nfnetlink]\n[ 1360.548909] nfnetlink_rcv+0x1a8/0x1e0 [nfnetlink]\n[ 1360.548927] netlink_unicast+0x367/0x4f0\n[ 1360.548935] netlink_sendmsg+0x34b/0x610\n[ 1360.548944] ____sys_sendmsg+0x4d4/0x510\n[ 1360.548953] ___sys_sendmsg+0xc9/0x120\n[ 1360.548961] __sys_sendmsg+0xbe/0x140\n[ 1360.548971] do_syscall_64+0x55/0x120\n[ 1360.548982] entry_SYSCALL_64_after_hwframe+0x55/0x5d\n\n[ 1360.548994] Freed by task 192222:\n[ 1360.548999] kasan_save_stack+0x20/0x40\n[ 1360.549009] kasan_save_track+0x14/0x30\n[ 1360.549019] kasan_save_free_info+0x3b/0x60\n[ 1360.549028] poison_slab_object+0x100/0x180\n[ 1360.549036] __kasan_slab_free+0x14/0x30\n[ 1360.549042] kfree+0xb6/0x260\n[ 1360.549049] __nft_release_table+0x473/0x6a0 [nf_tables]\n[ 1360.549131] nf_tables_exit_net+0x170/0x240 [nf_tables]\n[ 1360.549221] ops_exit_list+0x50/0xa0\n[ 1360.549229] free_exit_list+0x101/0x140\n[ 1360.549236] unregister_pernet_operations+0x107/0x160\n[ 1360.549245] unregister_pernet_subsys+0x1c/0x30\n[ 1360.549254] nf_tables_module_exit+0x43/0x80 [nf_tables]\n[ 1360.549345] __do_sys_delete_module+0x253/0x370\n[ 1360.549352] do_syscall_64+0x55/0x120\n[ 1360.549360] entry_SYSCALL_64_after_hwframe+0x55/0x5d\n\n(gdb) list *__nft_release_table+0x473\n0x1e033 is in __nft_release_table (net/netfilter/nf_tables_api.c:11354).\n11349 list_for_each_entry_safe(flowtable, nf, &table->flowtables, list) {\n11350 list_del(&flowtable->list);\n11351 nft_use_dec(&table->use);\n11352 nf_tables_flowtable_destroy(flowtable);\n11353 }\n11354 list_for_each_entry_safe(set, ns, &table->sets, list) {\n11355 
list_del(&set->list);\n11356 nft_use_dec(&table->use);\n11357 if (set->flags & (NFT_SET_MAP | NFT_SET_OBJECT))\n11358 nft_map_deactivat\n---truncated---(CVE-2024-35899)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Skip do PCI error slot reset during RAS recovery\n\nWhy:\n The PCI error slot reset maybe triggered after inject ue to UMC multi times, this\n caused system hang.\n [ 557.371857] amdgpu 0000:af:00.0: amdgpu: GPU reset succeeded, trying to resume\n [ 557.373718] [drm] PCIE GART of 512M enabled.\n [ 557.373722] [drm] PTB located at 0x0000031FED700000\n [ 557.373788] [drm] VRAM is lost due to GPU reset!\n [ 557.373789] [drm] PSP is resuming...\n [ 557.547012] mlx5_core 0000:55:00.0: mlx5_pci_err_detected Device state = 1 pci_status: 0. Exit, result = 3, need reset\n [ 557.547067] [drm] PCI error: detected callback, state(1)!!\n [ 557.547069] [drm] No support for XGMI hive yet...\n [ 557.548125] mlx5_core 0000:55:00.0: mlx5_pci_slot_reset Device state = 1 pci_status: 0. Enter\n [ 557.607763] mlx5_core 0000:55:00.0: wait vital counter value 0x16b5b after 1 iterations\n [ 557.607777] mlx5_core 0000:55:00.0: mlx5_pci_slot_reset Device state = 1 pci_status: 1. 
Exit, err = 0, result = 5, recovered\n [ 557.610492] [drm] PCI error: slot reset callback!!\n ...\n [ 560.689382] amdgpu 0000:3f:00.0: amdgpu: GPU reset(2) succeeded!\n [ 560.689546] amdgpu 0000:5a:00.0: amdgpu: GPU reset(2) succeeded!\n [ 560.689562] general protection fault, probably for non-canonical address 0x5f080b54534f611f: 0000 [#1] SMP NOPTI\n [ 560.701008] CPU: 16 PID: 2361 Comm: kworker/u448:9 Tainted: G OE 5.15.0-91-generic #101-Ubuntu\n [ 560.712057] Hardware name: Microsoft C278A/C278A, BIOS C2789.5.BS.1C11.AG.1 11/08/2023\n [ 560.720959] Workqueue: amdgpu-reset-hive amdgpu_ras_do_recovery [amdgpu]\n [ 560.728887] RIP: 0010:amdgpu_device_gpu_recover.cold+0xbf1/0xcf5 [amdgpu]\n [ 560.736891] Code: ff 41 89 c6 e9 1b ff ff ff 44 0f b6 45 b0 e9 4f ff ff ff be 01 00 00 00 4c 89 e7 e8 76 c9 8b ff 44 0f b6 45 b0 e9 3c fd ff ff <48> 83 ba 18 02 00 00 00 0f 84 6a f8 ff ff 48 8d 7a 78 be 01 00 00\n [ 560.757967] RSP: 0018:ffa0000032e53d80 EFLAGS: 00010202\n [ 560.763848] RAX: ffa00000001dfd10 RBX: ffa0000000197090 RCX: ffa0000032e53db0\n [ 560.771856] RDX: 5f080b54534f5f07 RSI: 0000000000000000 RDI: ff11000128100010\n [ 560.779867] RBP: ffa0000032e53df0 R08: 0000000000000000 R09: ffffffffffe77f08\n [ 560.787879] R10: 0000000000ffff0a R11: 0000000000000001 R12: 0000000000000000\n [ 560.795889] R13: ffa0000032e53e00 R14: 0000000000000000 R15: 0000000000000000\n [ 560.803889] FS: 0000000000000000(0000) GS:ff11007e7e800000(0000) knlGS:0000000000000000\n [ 560.812973] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 560.819422] CR2: 000055a04c118e68 CR3: 0000000007410005 CR4: 0000000000771ee0\n [ 560.827433] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n [ 560.835433] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n [ 560.843444] PKRU: 55555554\n [ 560.846480] Call Trace:\n [ 560.849225] \n [ 560.851580] ? show_trace_log_lvl+0x1d6/0x2ea\n [ 560.856488] ? show_trace_log_lvl+0x1d6/0x2ea\n [ 560.861379] ? 
amdgpu_ras_do_recovery+0x1b2/0x210 [amdgpu]\n [ 560.867778] ? show_regs.part.0+0x23/0x29\n [ 560.872293] ? __die_body.cold+0x8/0xd\n [ 560.876502] ? die_addr+0x3e/0x60\n [ 560.880238] ? exc_general_protection+0x1c5/0x410\n [ 560.885532] ? asm_exc_general_protection+0x27/0x30\n [ 560.891025] ? amdgpu_device_gpu_recover.cold+0xbf1/0xcf5 [amdgpu]\n [ 560.898323] amdgpu_ras_do_recovery+0x1b2/0x210 [amdgpu]\n [ 560.904520] process_one_work+0x228/0x3d0\nHow:\n In RAS recovery, mode-1 reset is issued from RAS fatal error handling and expected\n all the nodes in a hive to be reset. no need to issue another mode-1 during this procedure.(CVE-2024-35931)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nfs/9p: fix uninitialized values during inode evict\n\nIf an iget fails due to not being able to retrieve information\nfrom the server then the inode structure is only partially\ninitialized. When the inode gets evicted, references to\nuninitialized structures (like fscache cookies) were being\nmade.\n\nThis patch checks for a bad_inode before doing anything other\nthan clearing the inode from the cache. 
Since the inode is\nbad, it shouldn't have any state associated with it that needs\nto be written back (and there really isn't a way to complete\nthose anyways).(CVE-2024-36923)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential kernel bug due to lack of writeback flag waiting\n\nDestructive writes to a block device on which nilfs2 is mounted can cause\na kernel bug in the folio/page writeback start routine or writeback end\nroutine (__folio_start_writeback in the log below):\n\n kernel BUG at mm/page-writeback.c:3070!\n Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\n ...\n RIP: 0010:__folio_start_writeback+0xbaa/0x10e0\n Code: 25 ff 0f 00 00 0f 84 18 01 00 00 e8 40 ca c6 ff e9 17 f6 ff ff\n e8 36 ca c6 ff 4c 89 f7 48 c7 c6 80 c0 12 84 e8 e7 b3 0f 00 90 <0f>\n 0b e8 1f ca c6 ff 4c 89 f7 48 c7 c6 a0 c6 12 84 e8 d0 b3 0f 00\n ...\n Call Trace:\n \n nilfs_segctor_do_construct+0x4654/0x69d0 [nilfs2]\n nilfs_segctor_construct+0x181/0x6b0 [nilfs2]\n nilfs_segctor_thread+0x548/0x11c0 [nilfs2]\n kthread+0x2f0/0x390\n ret_from_fork+0x4b/0x80\n ret_from_fork_asm+0x1a/0x30\n \n\nThis is because when the log writer starts a writeback for segment summary\nblocks or a super root block that use the backing device's page cache, it\ndoes not wait for the ongoing folio/page writeback, resulting in an\ninconsistent writeback state.\n\nFix this issue by waiting for ongoing writebacks when putting\nfolios/pages on the backing device into writeback state.(CVE-2024-37078)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: cdns-mhdp8546: Fix possible null pointer dereference\n\nIn cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is\nassigned to mhdp_state->current_mode, and there is a dereference of it in\ndrm_mode_set_name(), which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate().\n\nFix this bug add a check of 
mhdp_state->current_mode.(CVE-2024-38548)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nwifi: carl9170: add a proper sanity check for endpoints\n\nSyzkaller reports [1] hitting a warning which is caused by presence\nof a wrong endpoint type at the URB sumbitting stage. While there\nwas a check for a specific 4th endpoint, since it can switch types\nbetween bulk and interrupt, other endpoints are trusted implicitly.\nSimilar warning is triggered in a couple of other syzbot issues [2].\n\nFix the issue by doing a comprehensive check of all endpoints\ntaking into account difference between high- and full-speed\nconfiguration.\n\n[1] Syzkaller report:\n...\nWARNING: CPU: 0 PID: 4721 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\n...\nCall Trace:\n \n carl9170_usb_send_rx_irq_urb+0x273/0x340 drivers/net/wireless/ath/carl9170/usb.c:504\n carl9170_usb_init_device drivers/net/wireless/ath/carl9170/usb.c:939 [inline]\n carl9170_usb_firmware_finish drivers/net/wireless/ath/carl9170/usb.c:999 [inline]\n carl9170_usb_firmware_step2+0x175/0x240 drivers/net/wireless/ath/carl9170/usb.c:1028\n request_firmware_work_func+0x130/0x240 drivers/base/firmware_loader/main.c:1107\n process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289\n worker_thread+0x669/0x1090 kernel/workqueue.c:2436\n kthread+0x2e8/0x3a0 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308\n \n\n[2] Related syzkaller crashes:(CVE-2024-38567)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmacintosh/via-macii: Fix \"BUG: sleeping function called from invalid context\"\n\nThe via-macii ADB driver calls request_irq() after disabling hard\ninterrupts. 
But disabling interrupts isn't necessary here because the\nVIA shift register interrupt was masked during VIA1 initialization.(CVE-2024-38607)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: et8ek8: Don't strip remove function when driver is builtin\n\nUsing __exit for the remove function results in the remove callback\nbeing discarded with CONFIG_VIDEO_ET8EK8=y. When such a device gets\nunbound (e.g. using sysfs or hotplug), the driver is just removed\nwithout the cleanup being performed. This results in resource leaks. Fix\nit by compiling in the remove callback unconditionally.\n\nThis also fixes a W=1 modpost warning:\n\n\tWARNING: modpost: drivers/media/i2c/et8ek8/et8ek8: section mismatch in reference: et8ek8_i2c_driver+0x10 (section: .data) -> et8ek8_remove (section: .exit.text)(CVE-2024-38611)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmedia: stk1160: fix bounds checking in stk1160_copy_video()\n\nThe subtract in this condition is reversed. The ->length is the length\nof the buffer. The ->bytesused is how many bytes we have copied thus\nfar. When the condition is reversed that means the result of the\nsubtraction is always negative but since it's unsigned then the result\nis a very high positive value. That means the overflow check is never\ntrue.\n\nAdditionally, the ->bytesused doesn't actually work for this purpose\nbecause we're not writing to \"buf->mem + buf->bytesused\". Instead, the\nmath to calculate the destination where we are writing is a bit\ninvolved. You calculate the number of full lines already written,\nmultiply by two, skip a line if necessary so that we start on an odd\nnumbered line, and add the offset into the line.\n\nTo fix this buffer overflow, just take the actual destination where we\nare writing, if the offset is already out of bounds print an error and\nreturn. 
Otherwise, write up to buf->length bytes.(CVE-2024-38621)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: savage: Handle err return when savagefb_check_var failed\n\nThe commit 04e5eac8f3ab(\"fbdev: savage: Error out if pixclock equals zero\")\nchecks the value of pixclock to avoid divide-by-zero error. However\nthe function savagefb_probe doesn't handle the error return of\nsavagefb_check_var. When pixclock is 0, it will cause divide-by-zero error.(CVE-2024-39475)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING\n\nXiao reported that lvm2 test lvconvert-raid-takeover.sh can hang with\nsmall possibility, the root cause is exactly the same as commit\nbed9e27baf52 (\"Revert \"md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d\"\")\n\nHowever, Dan reported another hang after that, and junxiao investigated\nthe problem and found out that this is caused by plugged bio can't issue\nfrom raid5d().\n\nCurrent implementation in raid5d() has a weird dependence:\n\n1) md_check_recovery() from raid5d() must hold 'reconfig_mutex' to clear\n MD_SB_CHANGE_PENDING;\n2) raid5d() handles IO in a deadloop, until all IO are issued;\n3) IO from raid5d() must wait for MD_SB_CHANGE_PENDING to be cleared;\n\nThis behaviour is introduce before v2.6, and for consequence, if other\ncontext hold 'reconfig_mutex', and md_check_recovery() can't update\nsuper_block, then raid5d() will waste one cpu 100% by the deadloop, until\n'reconfig_mutex' is released.\n\nRefer to the implementation from raid1 and raid10, fix this problem by\nskipping issue IO if MD_SB_CHANGE_PENDING is still set after\nmd_check_recovery(), daemon thread will be woken up when 'reconfig_mutex'\nis released. 
Meanwhile, the hang problem will be fixed as well.(CVE-2024-39476)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmmc: davinci: Don't strip remove function when driver is builtin\n\nUsing __exit for the remove function results in the remove callback being\ndiscarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound (e.g.\nusing sysfs or hotplug), the driver is just removed without the cleanup\nbeing performed. This results in resource leaks. Fix it by compiling in the\nremove callback unconditionally.\n\nThis also fixes a W=1 modpost warning:\n\nWARNING: modpost: drivers/mmc/host/davinci_mmc: section mismatch in\nreference: davinci_mmcsd_driver+0x10 (section: .data) ->\ndavinci_mmcsd_remove (section: .exit.text)(CVE-2024-39484)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nliquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet\n\nIn lio_vf_rep_copy_packet() pg_info->page is compared to a NULL value,\nbut then it is unconditionally passed to skb_add_rx_frag() which looks\nstrange and could lead to null pointer dereference.\n\nlio_vf_rep_copy_packet() call trace looks like:\n\tocteon_droq_process_packets\n\t octeon_droq_fast_process_packets\n\t octeon_droq_dispatch_pkt\n\t octeon_create_recv_info\n\t ...search in the dispatch_list...\n\t ->disp_fn(rdisp->rinfo, ...)\n\t lio_vf_rep_pkt_recv(struct octeon_recv_info *recv_info, ...)\nIn this path there is no code which sets pg_info->page to NULL.\nSo this check looks unneeded and doesn't solve potential problem.\nBut I guess the author had reason to add a check and I have no such card\nand can't do real test.\nIn addition, the code in the function liquidio_push_packet() in\nliquidio/lio_core.c does exactly the same.\n\nBased on this, I consider the most acceptable compromise solution to\nadjust this issue by moving skb_add_rx_frag() into conditional scope.\n\nFound by Linux Verification Center (linuxtesting.org) with 
SVACE.(CVE-2024-39506)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/io-wq: Use set_bit() and test_bit() at worker->flags\n\nUtilize set_bit() and test_bit() on worker->flags within io_uring/io-wq\nto address potential data races.\n\nThe structure io_worker->flags may be accessed through various data\npaths, leading to concurrency issues. When KCSAN is enabled, it reveals\ndata races occurring in io_worker_handle_work and\nio_wq_activate_free_worker functions.\n\n\t BUG: KCSAN: data-race in io_worker_handle_work / io_wq_activate_free_worker\n\t write to 0xffff8885c4246404 of 4 bytes by task 49071 on cpu 28:\n\t io_worker_handle_work (io_uring/io-wq.c:434 io_uring/io-wq.c:569)\n\t io_wq_worker (io_uring/io-wq.c:?)\n\n\n\t read to 0xffff8885c4246404 of 4 bytes by task 49024 on cpu 5:\n\t io_wq_activate_free_worker (io_uring/io-wq.c:? io_uring/io-wq.c:285)\n\t io_wq_enqueue (io_uring/io-wq.c:947)\n\t io_queue_iowq (io_uring/io_uring.c:524)\n\t io_req_task_submit (io_uring/io_uring.c:1511)\n\t io_handle_tw_list (io_uring/io_uring.c:1198)\n\n\nLine numbers against commit 18daea77cca6 (\"Merge tag 'for-linus' of\ngit://git.kernel.org/pub/scm/virt/kvm/kvm\").\n\nThese races involve writes and reads to the same memory location by\ndifferent tasks running on different CPUs. To mitigate this, refactor\nthe code to use atomic operations such as set_bit(), test_bit(), and\nclear_bit() instead of basic \"and\" and \"or\" operations. This ensures\nthread-safe manipulation of worker flags.\n\nAlso, move `create_index` to avoid holes in the structure.(CVE-2024-39508)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nriscv: rewrite __kernel_map_pages() to fix sleeping in invalid context\n\n__kernel_map_pages() is a debug function which clears the valid bit in page\ntable entry for deallocated pages to detect illegal memory accesses to\nfreed pages.\n\nThis function set/clear the valid bit using __set_memory(). 
__set_memory()\nacquires init_mm's semaphore, and this operation may sleep. This is\nproblematic, because __kernel_map_pages() can be called in atomic context,\nand thus is illegal to sleep. An example warning that this causes:\n\nBUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1578\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2, name: kthreadd\npreempt_count: 2, expected: 0\nCPU: 0 PID: 2 Comm: kthreadd Not tainted 6.9.0-g1d4c6d784ef6 #37\nHardware name: riscv-virtio,qemu (DT)\nCall Trace:\n[] dump_backtrace+0x1c/0x24\n[] show_stack+0x2c/0x38\n[] dump_stack_lvl+0x5a/0x72\n[] dump_stack+0x14/0x1c\n[] __might_resched+0x104/0x10e\n[] __might_sleep+0x3e/0x62\n[] down_write+0x20/0x72\n[] __set_memory+0x82/0x2fa\n[] __kernel_map_pages+0x5a/0xd4\n[] __alloc_pages_bulk+0x3b2/0x43a\n[] __vmalloc_node_range+0x196/0x6ba\n[] copy_process+0x72c/0x17ec\n[] kernel_clone+0x60/0x2fe\n[] kernel_thread+0x82/0xa0\n[] kthreadd+0x14a/0x1be\n[] ret_from_fork+0xe/0x1c\n\nRewrite this function with apply_to_existing_page_range(). It is fine to\nnot have any locking, because __kernel_map_pages() works with pages being\nallocated/deallocated and those pages are not changed by anyone else in the\nmeantime.(CVE-2024-40915)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\niommu: Return right value in iommu_sva_bind_device()\n\niommu_sva_bind_device() should return either a sva bond handle or an\nERR_PTR value in error cases. Existing drivers (idxd and uacce) only\ncheck the return value with IS_ERR(). 
This could potentially lead to\na kernel NULL pointer dereference issue if the function returns NULL\ninstead of an error pointer.\n\nIn reality, this doesn't cause any problems because iommu_sva_bind_device()\nonly returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA.\nIn this case, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) will\nreturn an error, and the device drivers won't call iommu_sva_bind_device()\nat all.(CVE-2024-40945)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nima: Avoid blocking in RCU read-side critical section\n\nA panic happens in ima_match_policy:\n\nBUG: unable to handle kernel NULL pointer dereference at 0000000000000010\nPGD 42f873067 P4D 0\nOops: 0000 [#1] SMP NOPTI\nCPU: 5 PID: 1286325 Comm: kubeletmonit.sh\nKdump: loaded Tainted: P\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\n BIOS 0.0.0 02/06/2015\nRIP: 0010:ima_match_policy+0x84/0x450\nCode: 49 89 fc 41 89 cf 31 ed 89 44 24 14 eb 1c 44 39\n 7b 18 74 26 41 83 ff 05 74 20 48 8b 1b 48 3b 1d\n f2 b9 f4 00 0f 84 9c 01 00 00 <44> 85 73 10 74 ea\n 44 8b 6b 14 41 f6 c5 01 75 d4 41 f6 c5 02 74 0f\nRSP: 0018:ff71570009e07a80 EFLAGS: 00010207\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000200\nRDX: ffffffffad8dc7c0 RSI: 0000000024924925 RDI: ff3e27850dea2000\nRBP: 0000000000000000 R08: 0000000000000000 R09: ffffffffabfce739\nR10: ff3e27810cc42400 R11: 0000000000000000 R12: ff3e2781825ef970\nR13: 00000000ff3e2785 R14: 000000000000000c R15: 0000000000000001\nFS: 00007f5195b51740(0000)\nGS:ff3e278b12d40000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000010 CR3: 0000000626d24002 CR4: 0000000000361ee0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n ima_get_action+0x22/0x30\n process_measurement+0xb0/0x830\n ? page_add_file_rmap+0x15/0x170\n ? alloc_set_pte+0x269/0x4c0\n ? 
prep_new_page+0x81/0x140\n ? simple_xattr_get+0x75/0xa0\n ? selinux_file_open+0x9d/0xf0\n ima_file_check+0x64/0x90\n path_openat+0x571/0x1720\n do_filp_open+0x9b/0x110\n ? page_counter_try_charge+0x57/0xc0\n ? files_cgroup_alloc_fd+0x38/0x60\n ? __alloc_fd+0xd4/0x250\n ? do_sys_open+0x1bd/0x250\n do_sys_open+0x1bd/0x250\n do_syscall_64+0x5d/0x1d0\n entry_SYSCALL_64_after_hwframe+0x65/0xca\n\nCommit c7423dbdbc9e (\"ima: Handle -ESTALE returned by\nima_filter_rule_match()\") introduced call to ima_lsm_copy_rule within a\nRCU read-side critical section which contains kmalloc with GFP_KERNEL.\nThis implies a possible sleep and violates limitations of RCU read-side\ncritical sections on non-PREEMPT systems.\n\nSleeping within RCU read-side critical section might cause\nsynchronize_rcu() returning early and break RCU protection, allowing a\nUAF to happen.\n\nThe root cause of this issue could be described as follows:\n|\tThread A\t|\tThread B\t|\n|\t\t\t|ima_match_policy\t|\n|\t\t\t| rcu_read_lock\t|\n|ima_lsm_update_rule\t|\t\t\t|\n| synchronize_rcu\t|\t\t\t|\n|\t\t\t| kmalloc(GFP_KERNEL)|\n|\t\t\t| sleep\t\t|\n==> synchronize_rcu returns early\n| kfree(entry)\t\t|\t\t\t|\n|\t\t\t| entry = entry->next|\n==> UAF happens and entry now becomes NULL (or could be anything).\n|\t\t\t| entry->action\t|\n==> Accessing entry might cause panic.\n\nTo fix this issue, we are converting all kmalloc that is called within\nRCU read-side critical section to use GFP_ATOMIC.\n\n[PM: fixed missing comment, long lines, !CONFIG_IMA_LSM_RULES case](CVE-2024-40947)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list\n\nUse list_for_each_entry_safe() to allow iterating through the list and\ndeleting the entry in the iteration process. 
The descriptor is freed via\nidxd_desc_complete() and there's a slight chance may cause issue for\nthe list iterator when the descriptor is reused by another thread\nwithout it being deleted from the list.(CVE-2024-40956)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent possible NULL dereference in rt6_probe()\n\nsyzbot caught a NULL dereference in rt6_probe() [1]\n\nBail out if __in6_dev_get() returns NULL.\n\n[1]\nOops: general protection fault, probably for non-canonical address 0xdffffc00000000cb: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000658-0x000000000000065f]\nCPU: 1 PID: 22444 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00383-gb8481381d4e2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\n RIP: 0010:rt6_probe net/ipv6/route.c:656 [inline]\n RIP: 0010:find_match+0x8c4/0xf50 net/ipv6/route.c:758\nCode: 14 fd f7 48 8b 85 38 ff ff ff 48 c7 45 b0 00 00 00 00 48 8d b8 5c 06 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 19\nRSP: 0018:ffffc900034af070 EFLAGS: 00010203\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90004521000\nRDX: 00000000000000cb RSI: ffffffff8990d0cd RDI: 000000000000065c\nRBP: ffffc900034af150 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000002 R12: 000000000000000a\nR13: 1ffff92000695e18 R14: ffff8880244a1d20 R15: 0000000000000000\nFS: 00007f4844a5a6c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b31b27000 CR3: 000000002d42c000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n rt6_nh_find_match+0xfa/0x1a0 net/ipv6/route.c:784\n nexthop_for_each_fib6_nh+0x26d/0x4a0 net/ipv4/nexthop.c:1496\n 
__find_rr_leaf+0x6e7/0xe00 net/ipv6/route.c:825\n find_rr_leaf net/ipv6/route.c:853 [inline]\n rt6_select net/ipv6/route.c:897 [inline]\n fib6_table_lookup+0x57e/0xa30 net/ipv6/route.c:2195\n ip6_pol_route+0x1cd/0x1150 net/ipv6/route.c:2231\n pol_lookup_func include/net/ip6_fib.h:616 [inline]\n fib6_rule_lookup+0x386/0x720 net/ipv6/fib6_rules.c:121\n ip6_route_output_flags_noref net/ipv6/route.c:2639 [inline]\n ip6_route_output_flags+0x1d0/0x640 net/ipv6/route.c:2651\n ip6_dst_lookup_tail.constprop.0+0x961/0x1760 net/ipv6/ip6_output.c:1147\n ip6_dst_lookup_flow+0x99/0x1d0 net/ipv6/ip6_output.c:1250\n rawv6_sendmsg+0xdab/0x4340 net/ipv6/raw.c:898\n inet_sendmsg+0x119/0x140 net/ipv4/af_inet.c:853\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_write_iter+0x4b8/0x5c0 net/socket.c:1160\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0x6b6/0x1140 fs/read_write.c:590\n ksys_write+0x1f8/0x260 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f(CVE-2024-40960)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nserial: imx: Introduce timeout when waiting on transmitter empty\n\nBy waiting at most 1 second for USR2_TXDC to be set, we avoid a potential\ndeadlock.\n\nIn case of the timeout, there is not much we can do, so we simply ignore\nthe transmitter state and optimistically try to continue.(CVE-2024-40967)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\next4: do not create EA inode under buffer lock\n\next4_xattr_set_entry() creates new EA inodes while holding buffer lock\non the external xattr block. This is problematic as it nests all the\nallocation locking (which acquires locks on other buffers) under the\nbuffer lock. This can even deadlock when the filesystem is corrupted and\ne.g. quota file is setup to contain xattr block as data block. 
Move the\nallocation of EA inode out of ext4_xattr_set_entry() into the callers.(CVE-2024-40972)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: replace spin_lock by raw_spin_lock\n\ntrace_drop_common() is called with preemption disabled, and it acquires\na spin_lock. This is problematic for RT kernels because spin_locks are\nsleeping locks in this configuration, which causes the following splat:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47\npreempt_count: 1, expected: 0\nRCU nest depth: 2, expected: 2\n5 locks held by rcuc/47/449:\n #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210\n #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130\n #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210\n #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70\n #4: ff1100086ee07520 (&data->lock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290\nirq event stamp: 139909\nhardirqs last enabled at (139908): [] _raw_spin_unlock_irqrestore+0x63/0x80\nhardirqs last disabled at (139909): [] trace_drop_common.constprop.0+0x26d/0x290\nsoftirqs last enabled at (139892): [] __local_bh_enable_ip+0x103/0x170\nsoftirqs last disabled at (139898): [] rcu_cpu_kthread+0x93/0x1f0\nPreemption disabled at:\n[] rt_mutex_slowunlock+0xab/0x2e0\nCPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7\nHardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022\nCall Trace:\n \n dump_stack_lvl+0x8c/0xd0\n dump_stack+0x14/0x20\n __might_resched+0x21e/0x2f0\n rt_spin_lock+0x5e/0x130\n ? trace_drop_common.constprop.0+0xb5/0x290\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_drop_common.constprop.0+0xb5/0x290\n ? preempt_count_sub+0x1c/0xd0\n ? _raw_spin_unlock_irqrestore+0x4a/0x80\n ? 
__pfx_trace_drop_common.constprop.0+0x10/0x10\n ? rt_mutex_slowunlock+0x26a/0x2e0\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_rt_mutex_slowunlock+0x10/0x10\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_kfree_skb_hit+0x15/0x20\n trace_kfree_skb+0xe9/0x150\n kfree_skb_reason+0x7b/0x110\n skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10\n ? mark_lock.part.0+0x8a/0x520\n...\n\ntrace_drop_common() also disables interrupts, but this is a minor issue\nbecause we could easily replace it with a local_lock.\n\nReplace the spin_lock with raw_spin_lock to avoid sleeping in atomic\ncontext.(CVE-2024-40980)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: bypass empty buckets in batadv_purge_orig_ref()\n\nMany syzbot reports are pointing to soft lockups in\nbatadv_purge_orig_ref() [1]\n\nRoot cause is unknown, but we can avoid spending too much\ntime there and perhaps get more interesting reports.\n\n[1]\n\nwatchdog: BUG: soft lockup - CPU#0 stuck for 27s! 
[kworker/u4:6:621]\nModules linked in:\nirq event stamp: 6182794\n hardirqs last enabled at (6182793): [] __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386\n hardirqs last disabled at (6182794): [] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\n hardirqs last disabled at (6182794): [] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\n softirqs last enabled at (6182792): [] spin_unlock_bh include/linux/spinlock.h:396 [inline]\n softirqs last enabled at (6182792): [] batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287\n softirqs last disabled at (6182790): [] spin_lock_bh include/linux/spinlock.h:356 [inline]\n softirqs last disabled at (6182790): [] batadv_purge_orig_ref+0x164/0x1228 net/batman-adv/originator.c:1271\nCPU: 0 PID: 621 Comm: kworker/u4:6 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\nWorkqueue: bat_events batadv_purge_orig\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : should_resched arch/arm64/include/asm/preempt.h:79 [inline]\n pc : __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:388\n lr : __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386\nsp : ffff800099007970\nx29: ffff800099007980 x28: 1fffe00018fce1bd x27: dfff800000000000\nx26: ffff0000d2620008 x25: ffff0000c7e70de8 x24: 0000000000000001\nx23: 1fffe00018e57781 x22: dfff800000000000 x21: ffff80008aab71c4\nx20: ffff0001b40136c0 x19: ffff0000c72bbc08 x18: 1fffe0001a817bb0\nx17: ffff800125414000 x16: ffff80008032116c x15: 0000000000000001\nx14: 1fffe0001ee9d610 x13: 0000000000000000 x12: 0000000000000003\nx11: 0000000000000000 x10: 0000000000ff0100 x9 : 0000000000000000\nx8 : 00000000005e5789 x7 : ffff80008aab61dc x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000\nx2 : 0000000000000006 x1 : 0000000000000080 x0 : ffff800125414000\nCall trace:\n __daif_local_irq_enable 
arch/arm64/include/asm/irqflags.h:27 [inline]\n arch_local_irq_enable arch/arm64/include/asm/irqflags.h:49 [inline]\n __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:386\n __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]\n _raw_spin_unlock_bh+0x3c/0x4c kernel/locking/spinlock.c:210\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287\n batadv_purge_orig+0x20/0x70 net/batman-adv/originator.c:1300\n process_one_work+0x694/0x1204 kernel/workqueue.c:2633\n process_scheduled_works kernel/workqueue.c:2706 [inline]\n worker_thread+0x938/0xef4 kernel/workqueue.c:2787\n kthread+0x288/0x310 kernel/kthread.c:388\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860\nSending NMI from CPU 0 to CPUs 1:\nNMI backtrace for cpu 1\nCPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:51\n lr : default_idle_call+0xf8/0x128 kernel/sched/idle.c:103\nsp : ffff800093a17d30\nx29: ffff800093a17d30 x28: dfff800000000000 x27: 1ffff00012742fb4\nx26: ffff80008ec9d000 x25: 0000000000000000 x24: 0000000000000002\nx23: 1ffff00011d93a74 x22: ffff80008ec9d3a0 x21: 0000000000000000\nx20: ffff0000c19dbc00 x19: ffff8000802d0fd8 x18: 1fffe00036804396\nx17: ffff80008ec9d000 x16: ffff8000802d089c x15: 0000000000000001\n---truncated---(CVE-2024-40981)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()\n\nsyzbot found hanging tasks waiting on rtnl_lock [1]\n\nA reproducer is available in the syzbot bug.\n\nWhen a request to add multiple actions with the same index is sent, the\nsecond request will block forever on the first request. 
This holds\nrtnl_lock, and causes tasks to hang.\n\nReturn -EAGAIN to prevent infinite looping, while keeping documented\nbehavior.\n\n[1]\n\nINFO: task kworker/1:0:5088 blocked for more than 143 seconds.\nNot tainted 6.9.0-rc4-syzkaller-00173-g3cdb45594619 #0\n\"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:kworker/1:0 state:D stack:23744 pid:5088 tgid:5088 ppid:2 flags:0x00004000\nWorkqueue: events_power_efficient reg_check_chans_work\nCall Trace:\n\ncontext_switch kernel/sched/core.c:5409 [inline]\n__schedule+0xf15/0x5d00 kernel/sched/core.c:6746\n__schedule_loop kernel/sched/core.c:6823 [inline]\nschedule+0xe7/0x350 kernel/sched/core.c:6838\nschedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6895\n__mutex_lock_common kernel/locking/mutex.c:684 [inline]\n__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752\nwiphy_lock include/net/cfg80211.h:5953 [inline]\nreg_leave_invalid_chans net/wireless/reg.c:2466 [inline]\nreg_check_chans_work+0x10a/0x10e0 net/wireless/reg.c:2481(CVE-2024-40995)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: don't allow mapping the MMIO HDP page with large pages\n\nWe don't get the right offset in that case. The GPU has\nan unused 4K area of the register BAR space into which you can\nremap registers. We remap the HDP flush registers into this\nspace to allow userspace (CPU or GPU) to flush the HDP when it\nupdates VRAM. However, on systems with >4K pages, we end up\nexposing PAGE_SIZE of MMIO space.(CVE-2024-41011)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for kernel is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"kernel", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1941", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1941" + }, + { + "summary":"CVE-2021-47205", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-47205&packageName=kernel" + }, + { + "summary":"CVE-2022-48703", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48703&packageName=kernel" + }, + { + "summary":"CVE-2022-48780", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48780&packageName=kernel" + }, + { + "summary":"CVE-2022-48859", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48859&packageName=kernel" + }, + { + "summary":"CVE-2023-52679", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-52679&packageName=kernel" + }, + { + "summary":"CVE-2024-26924", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-26924&packageName=kernel" + }, + { + "summary":"CVE-2024-26925", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-26925&packageName=kernel" + }, + { + "summary":"CVE-2024-27010", + "category":"self", + 
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-27010&packageName=kernel" + }, + { + "summary":"CVE-2024-34777", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-34777&packageName=kernel" + }, + { + "summary":"CVE-2024-35808", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-35808&packageName=kernel" + }, + { + "summary":"CVE-2024-35837", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-35837&packageName=kernel" + }, + { + "summary":"CVE-2024-35899", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-35899&packageName=kernel" + }, + { + "summary":"CVE-2024-35931", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-35931&packageName=kernel" + }, + { + "summary":"CVE-2024-36923", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36923&packageName=kernel" + }, + { + "summary":"CVE-2024-37078", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-37078&packageName=kernel" + }, + { + "summary":"CVE-2024-38548", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38548&packageName=kernel" + }, + { + "summary":"CVE-2024-38567", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38567&packageName=kernel" + }, + { + "summary":"CVE-2024-38607", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38607&packageName=kernel" + }, + { + "summary":"CVE-2024-38611", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38611&packageName=kernel" + }, + { + "summary":"CVE-2024-38621", + "category":"self", + 
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38621&packageName=kernel" + }, + { + "summary":"CVE-2024-39475", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39475&packageName=kernel" + }, + { + "summary":"CVE-2024-39476", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39476&packageName=kernel" + }, + { + "summary":"CVE-2024-39484", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39484&packageName=kernel" + }, + { + "summary":"CVE-2024-39506", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39506&packageName=kernel" + }, + { + "summary":"CVE-2024-39508", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39508&packageName=kernel" + }, + { + "summary":"CVE-2024-40915", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40915&packageName=kernel" + }, + { + "summary":"CVE-2024-40945", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40945&packageName=kernel" + }, + { + "summary":"CVE-2024-40947", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40947&packageName=kernel" + }, + { + "summary":"CVE-2024-40956", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40956&packageName=kernel" + }, + { + "summary":"CVE-2024-40960", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40960&packageName=kernel" + }, + { + "summary":"CVE-2024-40967", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40967&packageName=kernel" + }, + { + "summary":"CVE-2024-40972", + "category":"self", + 
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40972&packageName=kernel" + }, + { + "summary":"CVE-2024-40980", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40980&packageName=kernel" + }, + { + "summary":"CVE-2024-40981", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40981&packageName=kernel" + }, + { + "summary":"CVE-2024-40995", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40995&packageName=kernel" + }, + { + "summary":"CVE-2024-41011", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41011&packageName=kernel" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2021-47205" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48703" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48780" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48859" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52679" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26924" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26925" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27010" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34777" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-35808" + }, + { + "summary":"nvd cve", + "category":"external", + 
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-35837" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-35899" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-35931" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36923" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37078" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38548" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38567" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38607" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38611" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38621" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39475" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39476" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39484" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39506" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39508" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40915" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40945" + }, + { + "summary":"nvd cve", + "category":"external", + 
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40947" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40956" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40960" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40967" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40972" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40980" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40981" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40995" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41011" + }, + { + "summary":"openEuler-SA-2024-1941 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1941.json" + } + ], + "title":"An update for kernel is now available for openEuler-22.03-LTS-SP1", + "tracking":{ + "initial_release_date":"2024-08-02T19:42:20+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:42:20+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T10:55:00+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T10:55:00+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T10:55:00+08:00", + "id":"openEuler-SA-2024-1941", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"openEuler-22.03-LTS-SP1", + "name":"openEuler-22.03-LTS-SP1" + }, + "name":"openEuler-22.03-LTS-SP1", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "name":"python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm" + }, + "name":"python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "name":"kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm" + }, + "name":"kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "name":"kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm" + }, + "name":"kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "name":"kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm" + }, + "name":"kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "name":"kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm" + }, + 
"name":"kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "name":"kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm" + }, + "name":"kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"perf-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "name":"perf-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm" + }, + "name":"perf-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "name":"kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm" + }, + "name":"kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "name":"kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm" + }, + "name":"kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "name":"kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm" + }, + "name":"kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + 
"product_id":"perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "name":"perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm" + }, + "name":"perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "name":"python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm" + }, + "name":"python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "name":"kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm" + }, + "name":"kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-5.10.0-136.87.0.168.oe2203sp1.src.rpm", + "name":"kernel-5.10.0-136.87.0.168.oe2203sp1.src.rpm" + }, + "name":"kernel-5.10.0-136.87.0.168.oe2203sp1.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "name":"python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm" + }, + "name":"python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + 
"product_id":"kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "name":"kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm" + }, + "name":"kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "name":"kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm" + }, + "name":"kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "name":"perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm" + }, + "name":"perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"perf-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "name":"perf-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm" + }, + "name":"perf-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "name":"kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm" + }, + "name":"kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "name":"kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm" + }, + "name":"kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + 
"category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "name":"kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm" + }, + "name":"kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "name":"kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm" + }, + "name":"kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "name":"kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm" + }, + "name":"kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "name":"kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm" + }, + "name":"kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "name":"python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm" + }, + "name":"python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + 
"product_id":"kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "name":"kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm" + }, + "name":"kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "name":"python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "name":"kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "name":"kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "name":"kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "name":"kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "name":"kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"perf-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "name":"perf-5.10.0-136.87.0.168.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "name":"kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "name":"kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64 as a component of 
openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "name":"kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "name":"perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "name":"python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "name":"kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-5.10.0-136.87.0.168.oe2203sp1.src.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "name":"kernel-5.10.0-136.87.0.168.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "name":"python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "name":"kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "name":"kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "name":"perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + 
"product_reference":"perf-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "name":"perf-5.10.0-136.87.0.168.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "name":"kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "name":"kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "name":"kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "name":"kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "name":"kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "name":"kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "name":"python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "name":"kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2021-47205", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nclk: sunxi-ng: Unregister clocks/resets when unbinding\n\nCurrently, unbinding a CCU driver unmaps the device's MMIO region, while\nleaving its clocks/resets and their providers 
registered. This can cause\na page fault later when some clock operation tries to perform MMIO. Fix\nthis by separating the CCU initialization from the memory allocation,\nand then using a devres callback to unregister the clocks and resets.\n\nThis also fixes a memory leak of the `struct ccu_reset`, and uses the\ncorrect owner (the specific platform driver) for the clocks and resets.\n\nEarly OF clock providers are never unregistered, and limited error\nhandling is possible, so they are mostly unchanged. The error reporting\nis made more consistent by moving the message inside of_sunxi_ccu_probe.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2021-47205" + }, + { + "cve":"CVE-2022-48703", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability 
has been resolved:\n\nthermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR\n\nIn some case, the GDDV returns a package with a buffer which has\nzero length. It causes that kmemdup() returns ZERO_SIZE_PTR (0x10).\n\nThen the data_vault_read() got NULL point dereference problem when\naccessing the 0x10 value in data_vault.\n\n[ 71.024560] BUG: kernel NULL pointer dereference, address:\n0000000000000010\n\nThis patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR or\nNULL value in data_vault.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", 
+ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2022-48703" + }, + { + "cve":"CVE-2022-48780", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: Avoid overwriting the copies of clcsock callback 
functions\n\nThe callback functions of clcsock will be saved and replaced during\nthe fallback. But if the fallback happens more than once, then the\ncopies of these callback functions will be overwritten incorrectly,\nresulting in a loop call issue:\n\nclcsk->sk_error_report\n |- smc_fback_error_report() <------------------------------|\n |- smc_fback_forward_wakeup() | (loop)\n |- clcsock_callback() (incorrectly overwritten) |\n |- smc->clcsk_error_report() ------------------|\n\nSo this patch fixes the issue by saving these function pointers only\nonce in the fallback and avoiding overwriting.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2022-48780" + }, + { + "cve":"CVE-2022-48859", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability 
has been resolved:\n\nnet: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr\n\nThis node pointer is returned by of_find_compatible_node() with\nrefcount incremented. Calling of_node_put() to aovid the refcount leak.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2022-48859" + }, + { + "cve":"CVE-2023-52679", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nof: Fix double free in of_parse_phandle_with_args_map\n\nIn of_parse_phandle_with_args_map() the inner loop that\niterates through the map entries calls of_node_put(new)\nto free the reference acquired by the previous iteration\nof the inner loop. 
This assumes that the value of \"new\" is\nNULL on the first iteration of the inner loop.\n\nMake sure that this is true in all iterations of the outer\nloop by setting \"new\" to NULL after its value is assigned to \"cur\".\n\nExtend the unittest to detect the double free and add an additional\ntest case that actually triggers this path.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2023-52679" + }, + { + "cve":"CVE-2024-26924", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: do not free live element\n\nPablo reports a crash with large batches of elements with a\nback-to-back add/remove pattern. 
Quoting Pablo:\n\n add_elem(\"00000000\") timeout 100 ms\n ...\n add_elem(\"0000000X\") timeout 100 ms\n del_elem(\"0000000X\") <---------------- delete one that was just added\n ...\n add_elem(\"00005000\") timeout 100 ms\n\n 1) nft_pipapo_remove() removes element 0000000X\n Then, KASAN shows a splat.\n\nLooking at the remove function there is a chance that we will drop a\nrule that maps to a non-deactivated element.\n\nRemoval happens in two steps, first we do a lookup for key k and return the\nto-be-removed element and mark it as inactive in the next generation.\nThen, in a second step, the element gets removed from the set/map.\n\nThe _remove function does not work correctly if we have more than one\nelement that share the same key.\n\nThis can happen if we insert an element into a set when the set already\nholds an element with same key, but the element mapping to the existing\nkey has timed out or is not active in the next generation.\n\nIn such case its possible that removal will unmap the wrong element.\nIf this happens, we will leak the non-deactivated element, it becomes\nunreachable.\n\nThe element that got deactivated (and will be freed later) will\nremain reachable in the set data structure, this can result in\na crash when such an element is retrieved during lookup (stale\npointer).\n\nAdd a check that the fully matching key does in fact map to the element\nthat we have marked as inactive in the deactivation step.\nIf not, we need to continue searching.\n\nAdd a bug/warn trap at the end of the function as well, the remove\nfunction must not ever be called with an invisible/unreachable/non-existent\nelement.\n\nv2: avoid uneeded temporary variable (Stefano)", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.9, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-26924" + }, + { + "cve":"CVE-2024-26925", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: release mutex after nft_gc_seq_end from abort path\n\nThe commit mutex should not be released during the critical section\nbetween nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC\nworker could collect expired objects and get the released commit lock\nwithin the same GC sequence.\n\nnf_tables_module_autoload() temporarily releases the mutex to load\nmodule dependencies, then it goes back to replay the transaction again.\nMove it at the end of the abort phase after nft_gc_seq_end() is called.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.0, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2024-26925" + }, + { + "cve":"CVE-2024-27010", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Fix mirred deadlock on device recursion\n\nWhen the mirred action is used on a classful egress qdisc and a packet is\nmirrored or redirected to self we hit a qdisc lock deadlock.\nSee trace below.\n\n[..... 
other info removed for brevity....]\n[ 82.890906]\n[ 82.890906] ============================================\n[ 82.890906] WARNING: possible recursive locking detected\n[ 82.890906] 6.8.0-05205-g77fadd89fe2d-dirty #213 Tainted: G W\n[ 82.890906] --------------------------------------------\n[ 82.890906] ping/418 is trying to acquire lock:\n[ 82.890906] ffff888006994110 (&sch->q.lock){+.-.}-{3:3}, at:\n__dev_queue_xmit+0x1778/0x3550\n[ 82.890906]\n[ 82.890906] but task is already holding lock:\n[ 82.890906] ffff888006994110 (&sch->q.lock){+.-.}-{3:3}, at:\n__dev_queue_xmit+0x1778/0x3550\n[ 82.890906]\n[ 82.890906] other info that might help us debug this:\n[ 82.890906] Possible unsafe locking scenario:\n[ 82.890906]\n[ 82.890906] CPU0\n[ 82.890906] ----\n[ 82.890906] lock(&sch->q.lock);\n[ 82.890906] lock(&sch->q.lock);\n[ 82.890906]\n[ 82.890906] *** DEADLOCK ***\n[ 82.890906]\n[..... other info removed for brevity....]\n\nExample setup (eth0->eth0) to recreate\ntc qdisc add dev eth0 root handle 1: htb default 30\ntc filter add dev eth0 handle 1: protocol ip prio 2 matchall \\\n action mirred egress redirect dev eth0\n\nAnother example(eth0->eth1->eth0) to recreate\ntc qdisc add dev eth0 root handle 1: htb default 30\ntc filter add dev eth0 handle 1: protocol ip prio 2 matchall \\\n action mirred egress redirect dev eth1\n\ntc qdisc add dev eth1 root handle 1: htb default 30\ntc filter add dev eth1 handle 1: protocol ip prio 2 matchall \\\n action mirred egress redirect dev eth0\n\nWe fix this by adding an owner field (CPU id) to struct Qdisc set after\nroot qdisc is entered. 
When the softirq enters it a second time, if the\nqdisc owner is the same CPU, the packet is dropped to break the loop.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-27010" + }, + { + "cve":"CVE-2024-34777", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndma-mapping: benchmark: fix node id validation\n\nWhile validating node ids in map_benchmark_ioctl(), node_possible() may\nbe provided with invalid argument outside of [0,MAX_NUMNODES-1] range\nleading to:\n\nBUG: KASAN: wild-memory-access in map_benchmark_ioctl (kernel/dma/map_benchmark.c:214)\nRead of size 8 at addr 1fffffff8ccb6398 by task dma_map_benchma/971\nCPU: 7 
PID: 971 Comm: dma_map_benchma Not tainted 6.9.0-rc6 #37\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n \ndump_stack_lvl (lib/dump_stack.c:117)\nkasan_report (mm/kasan/report.c:603)\nkasan_check_range (mm/kasan/generic.c:189)\nvariable_test_bit (arch/x86/include/asm/bitops.h:227) [inline]\narch_test_bit (arch/x86/include/asm/bitops.h:239) [inline]\n_test_bit at (include/asm-generic/bitops/instrumented-non-atomic.h:142) [inline]\nnode_state (include/linux/nodemask.h:423) [inline]\nmap_benchmark_ioctl (kernel/dma/map_benchmark.c:214)\nfull_proxy_unlocked_ioctl (fs/debugfs/file.c:333)\n__x64_sys_ioctl (fs/ioctl.c:890)\ndo_syscall_64 (arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nCompare node ids with sane bounds first. NUMA_NO_NODE is considered a\nspecial valid case meaning that benchmarking kthreads won't be bound to a\ncpuset of a given node.\n\nFound by Linux Verification Center (linuxtesting.org).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.1, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-34777" + }, + { + "cve":"CVE-2024-35808", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmd/dm-raid: don't call md_reap_sync_thread() directly\n\nCurrently md_reap_sync_thread() is called from raid_message() directly\nwithout holding 'reconfig_mutex', this is definitely unsafe because\nmd_reap_sync_thread() can change many fields that is protected by\n'reconfig_mutex'.\n\nHowever, hold 'reconfig_mutex' here is still problematic because this\nwill cause deadlock, for example, commit 130443d60b1b (\"md: refactor\nidle/frozen_sync_thread() to fix deadlock\").\n\nFix this problem by using stop_sync_thread() to unregister sync_thread,\nlike md/raid did.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-35808" + }, + { + "cve":"CVE-2024-35837", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvpp2: clear BM pool before initialization\n\nRegister value persist after booting the kernel using\nkexec which results in kernel panic. Thus clear the\nBM pool registers before initialisation to fix the issue.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-35837" + }, + { + "cve":"CVE-2024-35899", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability 
has been resolved:\n\nnetfilter: nf_tables: flush pending destroy work before exit_net release\n\nSimilar to 2c9f0293280e (\"netfilter: nf_tables: flush pending destroy\nwork before netlink notifier\") to address a race between exit_net and\nthe destroy workqueue.\n\nThe trace below shows an element to be released via destroy workqueue\nwhile exit_net path (triggered via module removal) has already released\nthe set that is used in such transaction.\n\n[ 1360.547789] BUG: KASAN: slab-use-after-free in nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables]\n[ 1360.547861] Read of size 8 at addr ffff888140500cc0 by task kworker/4:1/152465\n[ 1360.547870] CPU: 4 PID: 152465 Comm: kworker/4:1 Not tainted 6.8.0+ #359\n[ 1360.547882] Workqueue: events nf_tables_trans_destroy_work [nf_tables]\n[ 1360.547984] Call Trace:\n[ 1360.547991] \n[ 1360.547998] dump_stack_lvl+0x53/0x70\n[ 1360.548014] print_report+0xc4/0x610\n[ 1360.548026] ? __virt_addr_valid+0xba/0x160\n[ 1360.548040] ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n[ 1360.548054] ? nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables]\n[ 1360.548176] kasan_report+0xae/0xe0\n[ 1360.548189] ? nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables]\n[ 1360.548312] nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables]\n[ 1360.548447] ? __pfx_nf_tables_trans_destroy_work+0x10/0x10 [nf_tables]\n[ 1360.548577] ? _raw_spin_unlock_irq+0x18/0x30\n[ 1360.548591] process_one_work+0x2f1/0x670\n[ 1360.548610] worker_thread+0x4d3/0x760\n[ 1360.548627] ? __pfx_worker_thread+0x10/0x10\n[ 1360.548640] kthread+0x16b/0x1b0\n[ 1360.548653] ? __pfx_kthread+0x10/0x10\n[ 1360.548665] ret_from_fork+0x2f/0x50\n[ 1360.548679] ? 
__pfx_kthread+0x10/0x10\n[ 1360.548690] ret_from_fork_asm+0x1a/0x30\n[ 1360.548707] \n\n[ 1360.548719] Allocated by task 192061:\n[ 1360.548726] kasan_save_stack+0x20/0x40\n[ 1360.548739] kasan_save_track+0x14/0x30\n[ 1360.548750] __kasan_kmalloc+0x8f/0xa0\n[ 1360.548760] __kmalloc_node+0x1f1/0x450\n[ 1360.548771] nf_tables_newset+0x10c7/0x1b50 [nf_tables]\n[ 1360.548883] nfnetlink_rcv_batch+0xbc4/0xdc0 [nfnetlink]\n[ 1360.548909] nfnetlink_rcv+0x1a8/0x1e0 [nfnetlink]\n[ 1360.548927] netlink_unicast+0x367/0x4f0\n[ 1360.548935] netlink_sendmsg+0x34b/0x610\n[ 1360.548944] ____sys_sendmsg+0x4d4/0x510\n[ 1360.548953] ___sys_sendmsg+0xc9/0x120\n[ 1360.548961] __sys_sendmsg+0xbe/0x140\n[ 1360.548971] do_syscall_64+0x55/0x120\n[ 1360.548982] entry_SYSCALL_64_after_hwframe+0x55/0x5d\n\n[ 1360.548994] Freed by task 192222:\n[ 1360.548999] kasan_save_stack+0x20/0x40\n[ 1360.549009] kasan_save_track+0x14/0x30\n[ 1360.549019] kasan_save_free_info+0x3b/0x60\n[ 1360.549028] poison_slab_object+0x100/0x180\n[ 1360.549036] __kasan_slab_free+0x14/0x30\n[ 1360.549042] kfree+0xb6/0x260\n[ 1360.549049] __nft_release_table+0x473/0x6a0 [nf_tables]\n[ 1360.549131] nf_tables_exit_net+0x170/0x240 [nf_tables]\n[ 1360.549221] ops_exit_list+0x50/0xa0\n[ 1360.549229] free_exit_list+0x101/0x140\n[ 1360.549236] unregister_pernet_operations+0x107/0x160\n[ 1360.549245] unregister_pernet_subsys+0x1c/0x30\n[ 1360.549254] nf_tables_module_exit+0x43/0x80 [nf_tables]\n[ 1360.549345] __do_sys_delete_module+0x253/0x370\n[ 1360.549352] do_syscall_64+0x55/0x120\n[ 1360.549360] entry_SYSCALL_64_after_hwframe+0x55/0x5d\n\n(gdb) list *__nft_release_table+0x473\n0x1e033 is in __nft_release_table (net/netfilter/nf_tables_api.c:11354).\n11349 list_for_each_entry_safe(flowtable, nf, &table->flowtables, list) {\n11350 list_del(&flowtable->list);\n11351 nft_use_dec(&table->use);\n11352 nf_tables_flowtable_destroy(flowtable);\n11353 }\n11354 list_for_each_entry_safe(set, ns, &table->sets, list) {\n11355 
list_del(&set->list);\n11356 nft_use_dec(&table->use);\n11357 if (set->flags & (NFT_SET_MAP | NFT_SET_OBJECT))\n11358 nft_map_deactivat\n---truncated---", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.1, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-35899" + }, + { + "cve":"CVE-2024-35931", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Skip do PCI error slot reset during RAS recovery\n\nWhy:\n The PCI error slot reset maybe triggered after inject ue to UMC multi times, this\n caused system hang.\n [ 557.371857] amdgpu 0000:af:00.0: amdgpu: GPU reset succeeded, trying to resume\n [ 557.373718] [drm] PCIE GART of 512M enabled.\n [ 557.373722] [drm] PTB located at 0x0000031FED700000\n [ 
557.373788] [drm] VRAM is lost due to GPU reset!\n [ 557.373789] [drm] PSP is resuming...\n [ 557.547012] mlx5_core 0000:55:00.0: mlx5_pci_err_detected Device state = 1 pci_status: 0. Exit, result = 3, need reset\n [ 557.547067] [drm] PCI error: detected callback, state(1)!!\n [ 557.547069] [drm] No support for XGMI hive yet...\n [ 557.548125] mlx5_core 0000:55:00.0: mlx5_pci_slot_reset Device state = 1 pci_status: 0. Enter\n [ 557.607763] mlx5_core 0000:55:00.0: wait vital counter value 0x16b5b after 1 iterations\n [ 557.607777] mlx5_core 0000:55:00.0: mlx5_pci_slot_reset Device state = 1 pci_status: 1. Exit, err = 0, result = 5, recovered\n [ 557.610492] [drm] PCI error: slot reset callback!!\n ...\n [ 560.689382] amdgpu 0000:3f:00.0: amdgpu: GPU reset(2) succeeded!\n [ 560.689546] amdgpu 0000:5a:00.0: amdgpu: GPU reset(2) succeeded!\n [ 560.689562] general protection fault, probably for non-canonical address 0x5f080b54534f611f: 0000 [#1] SMP NOPTI\n [ 560.701008] CPU: 16 PID: 2361 Comm: kworker/u448:9 Tainted: G OE 5.15.0-91-generic #101-Ubuntu\n [ 560.712057] Hardware name: Microsoft C278A/C278A, BIOS C2789.5.BS.1C11.AG.1 11/08/2023\n [ 560.720959] Workqueue: amdgpu-reset-hive amdgpu_ras_do_recovery [amdgpu]\n [ 560.728887] RIP: 0010:amdgpu_device_gpu_recover.cold+0xbf1/0xcf5 [amdgpu]\n [ 560.736891] Code: ff 41 89 c6 e9 1b ff ff ff 44 0f b6 45 b0 e9 4f ff ff ff be 01 00 00 00 4c 89 e7 e8 76 c9 8b ff 44 0f b6 45 b0 e9 3c fd ff ff <48> 83 ba 18 02 00 00 00 0f 84 6a f8 ff ff 48 8d 7a 78 be 01 00 00\n [ 560.757967] RSP: 0018:ffa0000032e53d80 EFLAGS: 00010202\n [ 560.763848] RAX: ffa00000001dfd10 RBX: ffa0000000197090 RCX: ffa0000032e53db0\n [ 560.771856] RDX: 5f080b54534f5f07 RSI: 0000000000000000 RDI: ff11000128100010\n [ 560.779867] RBP: ffa0000032e53df0 R08: 0000000000000000 R09: ffffffffffe77f08\n [ 560.787879] R10: 0000000000ffff0a R11: 0000000000000001 R12: 0000000000000000\n [ 560.795889] R13: ffa0000032e53e00 R14: 0000000000000000 R15: 0000000000000000\n [ 
560.803889] FS: 0000000000000000(0000) GS:ff11007e7e800000(0000) knlGS:0000000000000000\n [ 560.812973] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 560.819422] CR2: 000055a04c118e68 CR3: 0000000007410005 CR4: 0000000000771ee0\n [ 560.827433] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n [ 560.835433] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n [ 560.843444] PKRU: 55555554\n [ 560.846480] Call Trace:\n [ 560.849225] \n [ 560.851580] ? show_trace_log_lvl+0x1d6/0x2ea\n [ 560.856488] ? show_trace_log_lvl+0x1d6/0x2ea\n [ 560.861379] ? amdgpu_ras_do_recovery+0x1b2/0x210 [amdgpu]\n [ 560.867778] ? show_regs.part.0+0x23/0x29\n [ 560.872293] ? __die_body.cold+0x8/0xd\n [ 560.876502] ? die_addr+0x3e/0x60\n [ 560.880238] ? exc_general_protection+0x1c5/0x410\n [ 560.885532] ? asm_exc_general_protection+0x27/0x30\n [ 560.891025] ? amdgpu_device_gpu_recover.cold+0xbf1/0xcf5 [amdgpu]\n [ 560.898323] amdgpu_ras_do_recovery+0x1b2/0x210 [amdgpu]\n [ 560.904520] process_one_work+0x228/0x3d0\nHow:\n In RAS recovery, mode-1 reset is issued from RAS fatal error handling and expected\n all the nodes in a hive to be reset. 
no need to issue another mode-1 during this procedure.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-35931" + }, + { + "cve":"CVE-2024-36923", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/9p: fix uninitialized values during inode evict\n\nIf an iget fails due to not being able to retrieve information\nfrom the server then the inode structure is only partially\ninitialized. When the inode gets evicted, references to\nuninitialized structures (like fscache cookies) were being\nmade.\n\nThis patch checks for a bad_inode before doing anything other\nthan clearing the inode from the cache. 
Since the inode is\nbad, it shouldn't have any state associated with it that needs\nto be written back (and there really isn't a way to complete\nthose anyways).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.3, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-36923" + }, + { + "cve":"CVE-2024-37078", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential kernel bug due to lack of writeback flag waiting\n\nDestructive writes to a block device on which nilfs2 is mounted can cause\na kernel bug in the folio/page writeback start routine or writeback end\nroutine (__folio_start_writeback in the log below):\n\n kernel BUG at mm/page-writeback.c:3070!\n Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN 
PTI\n ...\n RIP: 0010:__folio_start_writeback+0xbaa/0x10e0\n Code: 25 ff 0f 00 00 0f 84 18 01 00 00 e8 40 ca c6 ff e9 17 f6 ff ff\n e8 36 ca c6 ff 4c 89 f7 48 c7 c6 80 c0 12 84 e8 e7 b3 0f 00 90 <0f>\n 0b e8 1f ca c6 ff 4c 89 f7 48 c7 c6 a0 c6 12 84 e8 d0 b3 0f 00\n ...\n Call Trace:\n \n nilfs_segctor_do_construct+0x4654/0x69d0 [nilfs2]\n nilfs_segctor_construct+0x181/0x6b0 [nilfs2]\n nilfs_segctor_thread+0x548/0x11c0 [nilfs2]\n kthread+0x2f0/0x390\n ret_from_fork+0x4b/0x80\n ret_from_fork_asm+0x1a/0x30\n \n\nThis is because when the log writer starts a writeback for segment summary\nblocks or a super root block that use the backing device's page cache, it\ndoes not wait for the ongoing folio/page writeback, resulting in an\ninconsistent writeback state.\n\nFix this issue by waiting for ongoing writebacks when putting\nfolios/pages on the backing device into writeback state.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.9, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-37078" + }, + { + "cve":"CVE-2024-38548", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: cdns-mhdp8546: Fix possible null pointer dereference\n\nIn cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is\nassigned to mhdp_state->current_mode, and there is a dereference of it in\ndrm_mode_set_name(), which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate().\n\nFix this bug add a check of mhdp_state->current_mode.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + 
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-38548" + }, + { + 
"cve":"CVE-2024-38567", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: carl9170: add a proper sanity check for endpoints\n\nSyzkaller reports [1] hitting a warning which is caused by presence\nof a wrong endpoint type at the URB sumbitting stage. While there\nwas a check for a specific 4th endpoint, since it can switch types\nbetween bulk and interrupt, other endpoints are trusted implicitly.\nSimilar warning is triggered in a couple of other syzbot issues [2].\n\nFix the issue by doing a comprehensive check of all endpoints\ntaking into account difference between high- and full-speed\nconfiguration.\n\n[1] Syzkaller report:\n...\nWARNING: CPU: 0 PID: 4721 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\n...\nCall Trace:\n \n carl9170_usb_send_rx_irq_urb+0x273/0x340 drivers/net/wireless/ath/carl9170/usb.c:504\n carl9170_usb_init_device drivers/net/wireless/ath/carl9170/usb.c:939 [inline]\n carl9170_usb_firmware_finish drivers/net/wireless/ath/carl9170/usb.c:999 [inline]\n carl9170_usb_firmware_step2+0x175/0x240 drivers/net/wireless/ath/carl9170/usb.c:1028\n request_firmware_work_func+0x130/0x240 drivers/base/firmware_loader/main.c:1107\n process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289\n worker_thread+0x669/0x1090 kernel/workqueue.c:2436\n kthread+0x2e8/0x3a0 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308\n \n\n[2] Related syzkaller crashes:", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-38567" + }, + { + "cve":"CVE-2024-38607", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmacintosh/via-macii: Fix \"BUG: sleeping function called from invalid context\"\n\nThe via-macii ADB driver calls request_irq() after disabling hard\ninterrupts. 
But disabling interrupts isn't necessary here because the\nVIA shift register interrupt was masked during VIA1 initialization.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-38607" + }, + { + "cve":"CVE-2024-38611", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: et8ek8: Don't strip remove function when driver is builtin\n\nUsing __exit for the remove function results in the remove callback\nbeing discarded with CONFIG_VIDEO_ET8EK8=y. When such a device gets\nunbound (e.g. using sysfs or hotplug), the driver is just removed\nwithout the cleanup being performed. This results in resource leaks. 
Fix\nit by compiling in the remove callback unconditionally.\n\nThis also fixes a W=1 modpost warning:\n\n\tWARNING: modpost: drivers/media/i2c/et8ek8/et8ek8: section mismatch in reference: et8ek8_i2c_driver+0x10 (section: .data) -> et8ek8_remove (section: .exit.text)", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.4, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-38611" + }, + { + "cve":"CVE-2024-38621", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: stk1160: fix bounds checking in stk1160_copy_video()\n\nThe subtract in this condition is reversed. The ->length is the length\nof the buffer. The ->bytesused is how many bytes we have copied thus\nfar. 
When the condition is reversed that means the result of the\nsubtraction is always negative but since it's unsigned then the result\nis a very high positive value. That means the overflow check is never\ntrue.\n\nAdditionally, the ->bytesused doesn't actually work for this purpose\nbecause we're not writing to \"buf->mem + buf->bytesused\". Instead, the\nmath to calculate the destination where we are writing is a bit\ninvolved. You calculate the number of full lines already written,\nmultiply by two, skip a line if necessary so that we start on an odd\nnumbered line, and add the offset into the line.\n\nTo fix this buffer overflow, just take the actual destination where we\nare writing, if the offset is already out of bounds print an error and\nreturn. Otherwise, write up to buf->length bytes.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + 
"category":"impact" + } + ], + "title":"CVE-2024-38621" + }, + { + "cve":"CVE-2024-39475", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:fbdev: savage: Handle err return when savagefb_check_var failedThe commit 04e5eac8f3ab( fbdev: savage: Error out if pixclock equals zero )checks the value of pixclock to avoid divide-by-zero error. Howeverthe function savagefb_probe doesn t handle the error return ofsavagefb_check_var. When pixclock is 0, it will cause divide-by-zero error.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", 
+ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39475" + }, + { + "cve":"CVE-2024-39476", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5: fix deadlock that raid5d() wait for itself to clear 
MD_SB_CHANGE_PENDING\n\nXiao reported that lvm2 test lvconvert-raid-takeover.sh can hang with\nsmall possibility, the root cause is exactly the same as commit\nbed9e27baf52 (\"Revert \"md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d\"\")\n\nHowever, Dan reported another hang after that, and junxiao investigated\nthe problem and found out that this is caused by plugged bio can't issue\nfrom raid5d().\n\nCurrent implementation in raid5d() has a weird dependence:\n\n1) md_check_recovery() from raid5d() must hold 'reconfig_mutex' to clear\n MD_SB_CHANGE_PENDING;\n2) raid5d() handles IO in a deadloop, until all IO are issued;\n3) IO from raid5d() must wait for MD_SB_CHANGE_PENDING to be cleared;\n\nThis behaviour is introduce before v2.6, and for consequence, if other\ncontext hold 'reconfig_mutex', and md_check_recovery() can't update\nsuper_block, then raid5d() will waste one cpu 100% by the deadloop, until\n'reconfig_mutex' is released.\n\nRefer to the implementation from raid1 and raid10, fix this problem by\nskipping issue IO if MD_SB_CHANGE_PENDING is still set after\nmd_check_recovery(), daemon thread will be woken up when 'reconfig_mutex'\nis released. 
Meanwhile, the hang problem will be fixed as well.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39476" + }, + { + "cve":"CVE-2024-39484", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:mmc: davinci: Don t strip remove function when driver is builtinUsing __exit for the remove function results in the remove callback beingdiscarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound (e.g.using sysfs or hotplug), the driver is just removed without the cleanupbeing performed. This results in resource leaks. 
Fix it by compiling in theremove callback unconditionally.This also fixes a W=1 modpost warning:WARNING: modpost: drivers/mmc/host/davinci_mmc: section mismatch inreference: davinci_mmcsd_driver+0x10 (section: .data) ->davinci_mmcsd_remove (section: .exit.text)", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39484" + }, + { + "cve":"CVE-2024-39506", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nliquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet\n\nIn lio_vf_rep_copy_packet() pg_info->page is compared to a NULL value,\nbut then it is unconditionally passed to skb_add_rx_frag() which looks\nstrange and could lead to null pointer dereference.\n\nlio_vf_rep_copy_packet() 
call trace looks like:\n\tocteon_droq_process_packets\n\t octeon_droq_fast_process_packets\n\t octeon_droq_dispatch_pkt\n\t octeon_create_recv_info\n\t ...search in the dispatch_list...\n\t ->disp_fn(rdisp->rinfo, ...)\n\t lio_vf_rep_pkt_recv(struct octeon_recv_info *recv_info, ...)\nIn this path there is no code which sets pg_info->page to NULL.\nSo this check looks unneeded and doesn't solve potential problem.\nBut I guess the author had reason to add a check and I have no such card\nand can't do real test.\nIn addition, the code in the function liquidio_push_packet() in\nliquidio/lio_core.c does exactly the same.\n\nBased on this, I consider the most acceptable compromise solution to\nadjust this issue by moving skb_add_rx_frag() into conditional scope.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39506" + }, + { + "cve":"CVE-2024-39508", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/io-wq: Use set_bit() and test_bit() at worker->flags\n\nUtilize set_bit() and test_bit() on worker->flags within io_uring/io-wq\nto address potential data races.\n\nThe structure io_worker->flags may be accessed through various data\npaths, leading to concurrency issues. When KCSAN is enabled, it reveals\ndata races occurring in io_worker_handle_work and\nio_wq_activate_free_worker functions.\n\n\t BUG: KCSAN: data-race in io_worker_handle_work / io_wq_activate_free_worker\n\t write to 0xffff8885c4246404 of 4 bytes by task 49071 on cpu 28:\n\t io_worker_handle_work (io_uring/io-wq.c:434 io_uring/io-wq.c:569)\n\t io_wq_worker (io_uring/io-wq.c:?)\n\n\n\t read to 0xffff8885c4246404 of 4 bytes by task 49024 on cpu 5:\n\t io_wq_activate_free_worker (io_uring/io-wq.c:? io_uring/io-wq.c:285)\n\t io_wq_enqueue (io_uring/io-wq.c:947)\n\t io_queue_iowq (io_uring/io_uring.c:524)\n\t io_req_task_submit (io_uring/io_uring.c:1511)\n\t io_handle_tw_list (io_uring/io_uring.c:1198)\n\n\nLine numbers against commit 18daea77cca6 (\"Merge tag 'for-linus' of\ngit://git.kernel.org/pub/scm/virt/kvm/kvm\").\n\nThese races involve writes and reads to the same memory location by\ndifferent tasks running on different CPUs. To mitigate this, refactor\nthe code to use atomic operations such as set_bit(), test_bit(), and\nclear_bit() instead of basic \"and\" and \"or\" operations. 
This ensures\nthread-safe manipulation of worker flags.\n\nAlso, move `create_index` to avoid holes in the structure.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.3, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39508" + }, + { + "cve":"CVE-2024-40915", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: rewrite __kernel_map_pages() to fix sleeping in invalid context\n\n__kernel_map_pages() is a debug function which clears the valid bit in page\ntable entry for deallocated pages to detect illegal memory accesses to\nfreed pages.\n\nThis function set/clear the valid bit using __set_memory(). 
__set_memory()\nacquires init_mm's semaphore, and this operation may sleep. This is\nproblematic, because __kernel_map_pages() can be called in atomic context,\nand thus is illegal to sleep. An example warning that this causes:\n\nBUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1578\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2, name: kthreadd\npreempt_count: 2, expected: 0\nCPU: 0 PID: 2 Comm: kthreadd Not tainted 6.9.0-g1d4c6d784ef6 #37\nHardware name: riscv-virtio,qemu (DT)\nCall Trace:\n[] dump_backtrace+0x1c/0x24\n[] show_stack+0x2c/0x38\n[] dump_stack_lvl+0x5a/0x72\n[] dump_stack+0x14/0x1c\n[] __might_resched+0x104/0x10e\n[] __might_sleep+0x3e/0x62\n[] down_write+0x20/0x72\n[] __set_memory+0x82/0x2fa\n[] __kernel_map_pages+0x5a/0xd4\n[] __alloc_pages_bulk+0x3b2/0x43a\n[] __vmalloc_node_range+0x196/0x6ba\n[] copy_process+0x72c/0x17ec\n[] kernel_clone+0x60/0x2fe\n[] kernel_thread+0x82/0xa0\n[] kthreadd+0x14a/0x1be\n[] ret_from_fork+0xe/0x1c\n\nRewrite this function with apply_to_existing_page_range(). 
It is fine to\nnot have any locking, because __kernel_map_pages() works with pages being\nallocated/deallocated and those pages are not changed by anyone else in the\nmeantime.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40915" + }, + { + "cve":"CVE-2024-40945", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\niommu: Return right value in iommu_sva_bind_device()\n\niommu_sva_bind_device() should return either a sva bond handle or an\nERR_PTR value in error cases. Existing drivers (idxd and uacce) only\ncheck the return value with IS_ERR(). 
This could potentially lead to\na kernel NULL pointer dereference issue if the function returns NULL\ninstead of an error pointer.\n\nIn reality, this doesn't cause any problems because iommu_sva_bind_device()\nonly returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA.\nIn this case, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) will\nreturn an error, and the device drivers won't call iommu_sva_bind_device()\nat all.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + 
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.4, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40945" + }, + { + "cve":"CVE-2024-40947", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nima: Avoid blocking in RCU read-side critical section\n\nA panic happens in ima_match_policy:\n\nBUG: unable to handle kernel NULL 
pointer dereference at 0000000000000010\nPGD 42f873067 P4D 0\nOops: 0000 [#1] SMP NOPTI\nCPU: 5 PID: 1286325 Comm: kubeletmonit.sh\nKdump: loaded Tainted: P\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\n BIOS 0.0.0 02/06/2015\nRIP: 0010:ima_match_policy+0x84/0x450\nCode: 49 89 fc 41 89 cf 31 ed 89 44 24 14 eb 1c 44 39\n 7b 18 74 26 41 83 ff 05 74 20 48 8b 1b 48 3b 1d\n f2 b9 f4 00 0f 84 9c 01 00 00 <44> 85 73 10 74 ea\n 44 8b 6b 14 41 f6 c5 01 75 d4 41 f6 c5 02 74 0f\nRSP: 0018:ff71570009e07a80 EFLAGS: 00010207\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000200\nRDX: ffffffffad8dc7c0 RSI: 0000000024924925 RDI: ff3e27850dea2000\nRBP: 0000000000000000 R08: 0000000000000000 R09: ffffffffabfce739\nR10: ff3e27810cc42400 R11: 0000000000000000 R12: ff3e2781825ef970\nR13: 00000000ff3e2785 R14: 000000000000000c R15: 0000000000000001\nFS: 00007f5195b51740(0000)\nGS:ff3e278b12d40000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000010 CR3: 0000000626d24002 CR4: 0000000000361ee0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n ima_get_action+0x22/0x30\n process_measurement+0xb0/0x830\n ? page_add_file_rmap+0x15/0x170\n ? alloc_set_pte+0x269/0x4c0\n ? prep_new_page+0x81/0x140\n ? simple_xattr_get+0x75/0xa0\n ? selinux_file_open+0x9d/0xf0\n ima_file_check+0x64/0x90\n path_openat+0x571/0x1720\n do_filp_open+0x9b/0x110\n ? page_counter_try_charge+0x57/0xc0\n ? files_cgroup_alloc_fd+0x38/0x60\n ? __alloc_fd+0xd4/0x250\n ? 
do_sys_open+0x1bd/0x250\n do_sys_open+0x1bd/0x250\n do_syscall_64+0x5d/0x1d0\n entry_SYSCALL_64_after_hwframe+0x65/0xca\n\nCommit c7423dbdbc9e (\"ima: Handle -ESTALE returned by\nima_filter_rule_match()\") introduced call to ima_lsm_copy_rule within a\nRCU read-side critical section which contains kmalloc with GFP_KERNEL.\nThis implies a possible sleep and violates limitations of RCU read-side\ncritical sections on non-PREEMPT systems.\n\nSleeping within RCU read-side critical section might cause\nsynchronize_rcu() returning early and break RCU protection, allowing a\nUAF to happen.\n\nThe root cause of this issue could be described as follows:\n|\tThread A\t|\tThread B\t|\n|\t\t\t|ima_match_policy\t|\n|\t\t\t| rcu_read_lock\t|\n|ima_lsm_update_rule\t|\t\t\t|\n| synchronize_rcu\t|\t\t\t|\n|\t\t\t| kmalloc(GFP_KERNEL)|\n|\t\t\t| sleep\t\t|\n==> synchronize_rcu returns early\n| kfree(entry)\t\t|\t\t\t|\n|\t\t\t| entry = entry->next|\n==> UAF happens and entry now becomes NULL (or could be anything).\n|\t\t\t| entry->action\t|\n==> Accessing entry might cause panic.\n\nTo fix this issue, we are converting all kmalloc that is called within\nRCU read-side critical section to use GFP_ATOMIC.\n\n[PM: fixed missing comment, long lines, !CONFIG_IMA_LSM_RULES case]", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + 
"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.9, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-40947" + }, + { + "cve":"CVE-2024-40956", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list\n\nUse list_for_each_entry_safe() to allow iterating through the list and\ndeleting the entry in the iteration process. The descriptor is freed via\nidxd_desc_complete() and there's a slight chance may cause issue for\nthe list iterator when the descriptor is reused by another thread\nwithout it being deleted from the list.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + 
"baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40956" + }, + { + "cve":"CVE-2024-40960", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent possible NULL dereference in rt6_probe()\n\nsyzbot caught a NULL dereference in rt6_probe() [1]\n\nBail out if __in6_dev_get() returns NULL.\n\n[1]\nOops: general protection fault, probably for non-canonical address 0xdffffc00000000cb: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000658-0x000000000000065f]\nCPU: 1 PID: 22444 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00383-gb8481381d4e2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\n RIP: 0010:rt6_probe net/ipv6/route.c:656 [inline]\n RIP: 0010:find_match+0x8c4/0xf50 net/ipv6/route.c:758\nCode: 14 fd f7 48 8b 85 38 ff ff ff 48 c7 45 b0 00 00 00 00 48 8d b8 5c 06 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 19\nRSP: 0018:ffffc900034af070 EFLAGS: 00010203\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90004521000\nRDX: 00000000000000cb RSI: ffffffff8990d0cd RDI: 000000000000065c\nRBP: ffffc900034af150 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000002 R12: 000000000000000a\nR13: 1ffff92000695e18 R14: ffff8880244a1d20 R15: 0000000000000000\nFS: 00007f4844a5a6c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 
0000000080050033\nCR2: 0000001b31b27000 CR3: 000000002d42c000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n rt6_nh_find_match+0xfa/0x1a0 net/ipv6/route.c:784\n nexthop_for_each_fib6_nh+0x26d/0x4a0 net/ipv4/nexthop.c:1496\n __find_rr_leaf+0x6e7/0xe00 net/ipv6/route.c:825\n find_rr_leaf net/ipv6/route.c:853 [inline]\n rt6_select net/ipv6/route.c:897 [inline]\n fib6_table_lookup+0x57e/0xa30 net/ipv6/route.c:2195\n ip6_pol_route+0x1cd/0x1150 net/ipv6/route.c:2231\n pol_lookup_func include/net/ip6_fib.h:616 [inline]\n fib6_rule_lookup+0x386/0x720 net/ipv6/fib6_rules.c:121\n ip6_route_output_flags_noref net/ipv6/route.c:2639 [inline]\n ip6_route_output_flags+0x1d0/0x640 net/ipv6/route.c:2651\n ip6_dst_lookup_tail.constprop.0+0x961/0x1760 net/ipv6/ip6_output.c:1147\n ip6_dst_lookup_flow+0x99/0x1d0 net/ipv6/ip6_output.c:1250\n rawv6_sendmsg+0xdab/0x4340 net/ipv6/raw.c:898\n inet_sendmsg+0x119/0x140 net/ipv4/af_inet.c:853\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_write_iter+0x4b8/0x5c0 net/socket.c:1160\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0x6b6/0x1140 fs/read_write.c:590\n ksys_write+0x1f8/0x260 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40960" + }, + { + "cve":"CVE-2024-40967", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nserial: imx: Introduce timeout when waiting on transmitter empty\n\nBy waiting at most 1 second for USR2_TXDC to be set, we avoid a potential\ndeadlock.\n\nIn case of the timeout, there is not much we can do, so we simply ignore\nthe transmitter state and optimistically try to continue.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", 
+ "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + 
"baseSeverity":"LOW", + "baseScore":3.9, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-40967" + }, + { + "cve":"CVE-2024-40972", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: do not create EA inode under buffer lock\n\next4_xattr_set_entry() creates new EA inodes while holding buffer lock\non the external xattr block. This is problematic as it nests all the\nallocation locking (which acquires locks on other buffers) under the\nbuffer lock. This can even deadlock when the filesystem is corrupted and\ne.g. quota file is setup to contain xattr block as data block. 
Move the\nallocation of EA inode out of ext4_xattr_set_entry() into the callers.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.7, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40972" + }, + { + "cve":"CVE-2024-40980", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: replace spin_lock by raw_spin_lock\n\ntrace_drop_common() is called with preemption disabled, and it acquires\na spin_lock. 
This is problematic for RT kernels because spin_locks are\nsleeping locks in this configuration, which causes the following splat:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47\npreempt_count: 1, expected: 0\nRCU nest depth: 2, expected: 2\n5 locks held by rcuc/47/449:\n #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210\n #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130\n #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210\n #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70\n #4: ff1100086ee07520 (&data->lock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290\nirq event stamp: 139909\nhardirqs last enabled at (139908): [] _raw_spin_unlock_irqrestore+0x63/0x80\nhardirqs last disabled at (139909): [] trace_drop_common.constprop.0+0x26d/0x290\nsoftirqs last enabled at (139892): [] __local_bh_enable_ip+0x103/0x170\nsoftirqs last disabled at (139898): [] rcu_cpu_kthread+0x93/0x1f0\nPreemption disabled at:\n[] rt_mutex_slowunlock+0xab/0x2e0\nCPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7\nHardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022\nCall Trace:\n \n dump_stack_lvl+0x8c/0xd0\n dump_stack+0x14/0x20\n __might_resched+0x21e/0x2f0\n rt_spin_lock+0x5e/0x130\n ? trace_drop_common.constprop.0+0xb5/0x290\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_drop_common.constprop.0+0xb5/0x290\n ? preempt_count_sub+0x1c/0xd0\n ? _raw_spin_unlock_irqrestore+0x4a/0x80\n ? __pfx_trace_drop_common.constprop.0+0x10/0x10\n ? rt_mutex_slowunlock+0x26a/0x2e0\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_rt_mutex_slowunlock+0x10/0x10\n ? 
skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_kfree_skb_hit+0x15/0x20\n trace_kfree_skb+0xe9/0x150\n kfree_skb_reason+0x7b/0x110\n skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10\n ? mark_lock.part.0+0x8a/0x520\n...\n\ntrace_drop_common() also disables interrupts, but this is a minor issue\nbecause we could easily replace it with a local_lock.\n\nReplace the spin_lock with raw_spin_lock to avoid sleeping in atomic\ncontext.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + 
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.7, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40980" + }, + { + "cve":"CVE-2024-40981", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: bypass empty buckets in batadv_purge_orig_ref()\n\nMany syzbot reports are pointing to soft lockups 
in\nbatadv_purge_orig_ref() [1]\n\nRoot cause is unknown, but we can avoid spending too much\ntime there and perhaps get more interesting reports.\n\n[1]\n\nwatchdog: BUG: soft lockup - CPU#0 stuck for 27s! [kworker/u4:6:621]\nModules linked in:\nirq event stamp: 6182794\n hardirqs last enabled at (6182793): [] __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386\n hardirqs last disabled at (6182794): [] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\n hardirqs last disabled at (6182794): [] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\n softirqs last enabled at (6182792): [] spin_unlock_bh include/linux/spinlock.h:396 [inline]\n softirqs last enabled at (6182792): [] batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287\n softirqs last disabled at (6182790): [] spin_lock_bh include/linux/spinlock.h:356 [inline]\n softirqs last disabled at (6182790): [] batadv_purge_orig_ref+0x164/0x1228 net/batman-adv/originator.c:1271\nCPU: 0 PID: 621 Comm: kworker/u4:6 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\nWorkqueue: bat_events batadv_purge_orig\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : should_resched arch/arm64/include/asm/preempt.h:79 [inline]\n pc : __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:388\n lr : __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386\nsp : ffff800099007970\nx29: ffff800099007980 x28: 1fffe00018fce1bd x27: dfff800000000000\nx26: ffff0000d2620008 x25: ffff0000c7e70de8 x24: 0000000000000001\nx23: 1fffe00018e57781 x22: dfff800000000000 x21: ffff80008aab71c4\nx20: ffff0001b40136c0 x19: ffff0000c72bbc08 x18: 1fffe0001a817bb0\nx17: ffff800125414000 x16: ffff80008032116c x15: 0000000000000001\nx14: 1fffe0001ee9d610 x13: 0000000000000000 x12: 0000000000000003\nx11: 0000000000000000 x10: 0000000000ff0100 x9 : 0000000000000000\nx8 : 00000000005e5789 x7 : ffff80008aab61dc x6 : 
0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000\nx2 : 0000000000000006 x1 : 0000000000000080 x0 : ffff800125414000\nCall trace:\n __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:27 [inline]\n arch_local_irq_enable arch/arm64/include/asm/irqflags.h:49 [inline]\n __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:386\n __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]\n _raw_spin_unlock_bh+0x3c/0x4c kernel/locking/spinlock.c:210\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287\n batadv_purge_orig+0x20/0x70 net/batman-adv/originator.c:1300\n process_one_work+0x694/0x1204 kernel/workqueue.c:2633\n process_scheduled_works kernel/workqueue.c:2706 [inline]\n worker_thread+0x938/0xef4 kernel/workqueue.c:2787\n kthread+0x288/0x310 kernel/kthread.c:388\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860\nSending NMI from CPU 0 to CPUs 1:\nNMI backtrace for cpu 1\nCPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:51\n lr : default_idle_call+0xf8/0x128 kernel/sched/idle.c:103\nsp : ffff800093a17d30\nx29: ffff800093a17d30 x28: dfff800000000000 x27: 1ffff00012742fb4\nx26: ffff80008ec9d000 x25: 0000000000000000 x24: 0000000000000002\nx23: 1ffff00011d93a74 x22: ffff80008ec9d3a0 x21: 0000000000000000\nx20: ffff0000c19dbc00 x19: ffff8000802d0fd8 x18: 1fffe00036804396\nx17: ffff80008ec9d000 x16: ffff8000802d089c x15: 0000000000000001\n---truncated---", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40981" + }, + { + "cve":"CVE-2024-40995", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()\n\nsyzbot found hanging tasks waiting on rtnl_lock [1]\n\nA reproducer is available in the syzbot bug.\n\nWhen a request to add multiple actions with the same index is sent, the\nsecond request will block forever on the first request. 
This holds\nrtnl_lock, and causes tasks to hang.\n\nReturn -EAGAIN to prevent infinite looping, while keeping documented\nbehavior.\n\n[1]\n\nINFO: task kworker/1:0:5088 blocked for more than 143 seconds.\nNot tainted 6.9.0-rc4-syzkaller-00173-g3cdb45594619 #0\n\"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:kworker/1:0 state:D stack:23744 pid:5088 tgid:5088 ppid:2 flags:0x00004000\nWorkqueue: events_power_efficient reg_check_chans_work\nCall Trace:\n\ncontext_switch kernel/sched/core.c:5409 [inline]\n__schedule+0xf15/0x5d00 kernel/sched/core.c:6746\n__schedule_loop kernel/sched/core.c:6823 [inline]\nschedule+0xe7/0x350 kernel/sched/core.c:6838\nschedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6895\n__mutex_lock_common kernel/locking/mutex.c:684 [inline]\n__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752\nwiphy_lock include/net/cfg80211.h:5953 [inline]\nreg_leave_invalid_chans net/wireless/reg.c:2466 [inline]\nreg_check_chans_work+0x10a/0x10e0 net/wireless/reg.c:2481", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + 
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", 
+ "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + 
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src", + "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64", + "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64", + 
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64"
+ ]
+ }
+ ],
+ "threats":[
+ {
+ "details":"Medium",
+ "category":"impact"
+ }
+ ],
+ "title":"CVE-2024-40995"
+ },
+ {
+ "cve":"CVE-2024-41011",
+ "notes":[
+ {
+ "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: don't allow mapping the MMIO HDP page with large pages\n\nWe don't get the right offset in that case. The GPU has\nan unused 4K area of the register BAR space into which you can\nremap registers. We remap the HDP flush registers into this\nspace to allow userspace (CPU or GPU) to flush the HDP when it\nupdates VRAM. However, on systems with >4K pages, we end up\nexposing PAGE_SIZE of MMIO space.",
+ "category":"description",
+ "title":"Vulnerability Description"
+ }
+ ],
+ "product_status":{
+ "fixed":[
+ "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src",
+ "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64"
+ ]
+ },
+ "remediations":[
+ {
+ "product_ids":[
+ "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src",
+ "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64"
+ ],
+ "details":"kernel security update",
+ "category":"vendor_fix",
+ "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1941"
+ }
+ ],
+ "scores":[
+ {
+ "cvss_v3":{
+ "baseSeverity":"HIGH",
+ "baseScore":7.8,
+ "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version":"3.1"
+ },
+ "products":[
+ "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.aarch64",
+ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.src",
+ "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:perf-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.87.0.168.oe2203sp1.x86_64",
+ "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.87.0.168.oe2203sp1.x86_64"
+ ]
+ }
+ ],
+ "threats":[
+ {
+ "details":"High",
+ "category":"impact"
+ }
+ ],
+ "title":"CVE-2024-41011"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1942.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1942.json
new file mode 100644
index 0000000..5ef0996
--- /dev/null
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1942.json
@@ -0,0 +1,6269 @@
+{
+ "document":{
+ "aggregate_severity":{
+ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+ "text":"High"
+ },
+ "category":"csaf_vex",
+ "csaf_version":"2.0",
+ "distribution":{
+ "tlp":{
+ "label":"WHITE",
+ "url":"https:/www.first.org/tlp/"
+ }
+ },
+ "lang":"en",
+ "notes":[
+ {
+ "text":"kernel security update",
+ "category":"general",
+ "title":"Synopsis"
+ },
+ {
+ "text":"An update for kernel is now available for openEuler-22.03-LTS-SP3.",
+ "category":"general",
+ "title":"Summary"
+ },
+ {
+ "text":"The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nclk: sunxi-ng: Unregister clocks/resets when unbinding\n\nCurrently, unbinding a CCU driver unmaps the device's MMIO region, while\nleaving its clocks/resets and their providers registered. This can cause\na page fault later when some clock operation tries to perform MMIO. Fix\nthis by separating the CCU initialization from the memory allocation,\nand then using a devres callback to unregister the clocks and resets.\n\nThis also fixes a memory leak of the `struct ccu_reset`, and uses the\ncorrect owner (the specific platform driver) for the clocks and resets.\n\nEarly OF clock providers are never unregistered, and limited error\nhandling is possible, so they are mostly unchanged. The error reporting\nis made more consistent by moving the message inside of_sunxi_ccu_probe.(CVE-2021-47205)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nthermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR\n\nIn some case, the GDDV returns a package with a buffer which has\nzero length.
It causes that kmemdup() returns ZERO_SIZE_PTR (0x10).\n\nThen the data_vault_read() got NULL point dereference problem when\naccessing the 0x10 value in data_vault.\n\n[ 71.024560] BUG: kernel NULL pointer dereference, address:\n0000000000000010\n\nThis patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR or\nNULL value in data_vault.(CVE-2022-48703)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr\n\nThis node pointer is returned by of_find_compatible_node() with\nrefcount incremented. Calling of_node_put() to aovid the refcount leak.(CVE-2022-48859)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nof: Fix double free in of_parse_phandle_with_args_map\n\nIn of_parse_phandle_with_args_map() the inner loop that\niterates through the map entries calls of_node_put(new)\nto free the reference acquired by the previous iteration\nof the inner loop. This assumes that the value of \"new\" is\nNULL on the first iteration of the inner loop.\n\nMake sure that this is true in all iterations of the outer\nloop by setting \"new\" to NULL after its value is assigned to \"cur\".\n\nExtend the unittest to detect the double free and add an additional\ntest case that actually triggers this path.(CVE-2023-52679)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmedia: gspca: cpia1: shift-out-of-bounds in set_flicker\n\nSyzkaller reported the following issue:\nUBSAN: shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27\nshift exponent 245 is too large for 32-bit type 'int'\n\nWhen the value of the variable \"sd->params.exposure.gain\" exceeds the\nnumber of bits in an integer, a shift-out-of-bounds error is reported. It\nis triggered because the variable \"currentexp\" cannot be left-shifted by\nmore than the number of bits in an integer. 
In order to avoid invalid\nrange during left-shift, the conditional expression is added.(CVE-2023-52764)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ninit/main.c: Fix potential static_command_line memory overflow\n\nWe allocate memory of size 'xlen + strlen(boot_command_line) + 1' for\nstatic_command_line, but the strings copied into static_command_line are\nextra_command_line and command_line, rather than extra_command_line and\nboot_command_line.\n\nWhen strlen(command_line) > strlen(boot_command_line), static_command_line\nwill overflow.\n\nThis patch just recovers strlen(command_line) which was miss-consolidated\nwith strlen(boot_command_line) in the commit f5c7310ac73e (\"init/main: add\nchecks for the return value of memblock_alloc*()\")(CVE-2024-26988)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: restore set elements when delete set fails\n\nFrom abort path, nft_mapelem_activate() needs to restore refcounters to\nthe original state. Currently, it uses the set->ops->walk() to iterate\nover these set elements. 
The existing set iterator skips inactive\nelements in the next generation, this does not work from the abort path\nto restore the original state since it has to skip active elements\ninstead (not inactive ones).\n\nThis patch moves the check for inactive elements to the set iterator\ncallback, then it reverses the logic for the .activate case which\nneeds to skip active elements.\n\nToggle next generation bit for elements when delete set command is\ninvoked and call nft_clear() from .activate (abort) path to restore the\nnext generation bit.\n\nThe splat below shows an object in mappings memleak:\n\n[43929.457523] ------------[ cut here ]------------\n[43929.457532] WARNING: CPU: 0 PID: 1139 at include/net/netfilter/nf_tables.h:1237 nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables]\n[...]\n[43929.458014] RIP: 0010:nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables]\n[43929.458076] Code: 83 f8 01 77 ab 49 8d 7c 24 08 e8 37 5e d0 de 49 8b 6c 24 08 48 8d 7d 50 e8 e9 5c d0 de 8b 45 50 8d 50 ff 89 55 50 85 c0 75 86 <0f> 0b eb 82 0f 0b eb b3 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90\n[43929.458081] RSP: 0018:ffff888140f9f4b0 EFLAGS: 00010246\n[43929.458086] RAX: 0000000000000000 RBX: ffff8881434f5288 RCX: dffffc0000000000\n[43929.458090] RDX: 00000000ffffffff RSI: ffffffffa26d28a7 RDI: ffff88810ecc9550\n[43929.458093] RBP: ffff88810ecc9500 R08: 0000000000000001 R09: ffffed10281f3e8f\n[43929.458096] R10: 0000000000000003 R11: ffff0000ffff0000 R12: ffff8881434f52a0\n[43929.458100] R13: ffff888140f9f5f4 R14: ffff888151c7a800 R15: 0000000000000002\n[43929.458103] FS: 00007f0c687c4740(0000) GS:ffff888390800000(0000) knlGS:0000000000000000\n[43929.458107] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[43929.458111] CR2: 00007f58dbe5b008 CR3: 0000000123602005 CR4: 00000000001706f0\n[43929.458114] Call Trace:\n[43929.458118] \n[43929.458121] ? __warn+0x9f/0x1a0\n[43929.458127] ? nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables]\n[43929.458188] ? 
report_bug+0x1b1/0x1e0\n[43929.458196] ? handle_bug+0x3c/0x70\n[43929.458200] ? exc_invalid_op+0x17/0x40\n[43929.458211] ? nft_setelem_data_deactivate+0xd7/0xf0 [nf_tables]\n[43929.458271] ? nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables]\n[43929.458332] nft_mapelem_deactivate+0x24/0x30 [nf_tables]\n[43929.458392] nft_rhash_walk+0xdd/0x180 [nf_tables]\n[43929.458453] ? __pfx_nft_rhash_walk+0x10/0x10 [nf_tables]\n[43929.458512] ? rb_insert_color+0x2e/0x280\n[43929.458520] nft_map_deactivate+0xdc/0x1e0 [nf_tables]\n[43929.458582] ? __pfx_nft_map_deactivate+0x10/0x10 [nf_tables]\n[43929.458642] ? __pfx_nft_mapelem_deactivate+0x10/0x10 [nf_tables]\n[43929.458701] ? __rcu_read_unlock+0x46/0x70\n[43929.458709] nft_delset+0xff/0x110 [nf_tables]\n[43929.458769] nft_flush_table+0x16f/0x460 [nf_tables]\n[43929.458830] nf_tables_deltable+0x501/0x580 [nf_tables](CVE-2024-27012)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid potential panic during recovery\n\nDuring recovery, if FAULT_BLOCK is on, it is possible that\nf2fs_reserve_new_block() will return -ENOSPC during recovery,\nthen it may trigger panic.\n\nAlso, if fault injection rate is 1 and only FAULT_BLOCK fault\ntype is on, it may encounter deadloop in loop of block reservation.\n\nLet's change as below to fix these issues:\n- remove bug_on() to avoid panic.\n- limit the loop count of block reservation to avoid potential\ndeadloop.(CVE-2024-27032)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nclk: Fix clk_core_get NULL dereference\n\nIt is possible for clk_core_get to dereference a NULL in the following\nsequence:\n\nclk_core_get()\n of_clk_get_hw_from_clkspec()\n __of_clk_get_hw_from_provider()\n __clk_get_hw()\n\n__clk_get_hw() can return NULL which is dereferenced by clk_core_get() at\nhw->core.\n\nPrior to commit dde4eff47c82 (\"clk: Look for parents with clkdev based\nclk_lookups\") the check IS_ERR_OR_NULL() was performed which would 
have\ncaught the NULL.\n\nReading the description of this function it talks about returning NULL but\nthat cannot be so at the moment.\n\nUpdate the function to check for hw before dereferencing it and return NULL\nif hw is NULL.(CVE-2024-27038)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: fix phy_get_internal_delay accessing an empty array\n\nThe phy_get_internal_delay function could try to access to an empty\narray in the case that the driver is calling phy_get_internal_delay\nwithout defining delay_values and rx-internal-delay-ps or\ntx-internal-delay-ps is defined to 0 in the device-tree.\nThis will lead to \"unable to handle kernel NULL pointer dereference at\nvirtual address 0\". To avoid this kernel oops, the test should be delay\n>= 0. As there is already delay < 0 test just before, the test could\nonly be size == 0.(CVE-2024-27047)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work\n\nThe workqueue might still be running, when the driver is stopped. To\navoid a use-after-free, call cancel_work_sync() in rtl8xxxu_stop().(CVE-2024-27052)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: do not compare internal table flags on updates\n\nRestore skipping transaction if table update does not modify flags.(CVE-2024-27065)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: bq27xxx-i2c: Do not free non existing IRQ\n\nThe bq27xxx i2c-client may not have an IRQ, in which case\nclient->irq will be 0. 
bq27xxx_battery_i2c_probe() already has\nan if (client->irq) check wrapping the request_threaded_irq().\n\nBut bq27xxx_battery_i2c_remove() unconditionally calls\nfree_irq(client->irq) leading to:\n\n[ 190.310742] ------------[ cut here ]------------\n[ 190.310843] Trying to free already-free IRQ 0\n[ 190.310861] WARNING: CPU: 2 PID: 1304 at kernel/irq/manage.c:1893 free_irq+0x1b8/0x310\n\nFollowed by a backtrace when unbinding the driver. Add\nan if (client->irq) to bq27xxx_battery_i2c_remove() mirroring\nprobe() to fix this.(CVE-2024-27412)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST\n\nIf we received HCI_EV_IO_CAPA_REQUEST while\nHCI_OP_READ_REMOTE_EXT_FEATURES is yet to be responded assume the remote\ndoes support SSP since otherwise this event shouldn't be generated.(CVE-2024-27416)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndma-mapping: benchmark: fix node id validation\n\nWhile validating node ids in map_benchmark_ioctl(), node_possible() may\nbe provided with invalid argument outside of [0,MAX_NUMNODES-1] range\nleading to:\n\nBUG: KASAN: wild-memory-access in map_benchmark_ioctl (kernel/dma/map_benchmark.c:214)\nRead of size 8 at addr 1fffffff8ccb6398 by task dma_map_benchma/971\nCPU: 7 PID: 971 Comm: dma_map_benchma Not tainted 6.9.0-rc6 #37\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n \ndump_stack_lvl (lib/dump_stack.c:117)\nkasan_report (mm/kasan/report.c:603)\nkasan_check_range (mm/kasan/generic.c:189)\nvariable_test_bit (arch/x86/include/asm/bitops.h:227) [inline]\narch_test_bit (arch/x86/include/asm/bitops.h:239) [inline]\n_test_bit at (include/asm-generic/bitops/instrumented-non-atomic.h:142) [inline]\nnode_state (include/linux/nodemask.h:423) [inline]\nmap_benchmark_ioctl (kernel/dma/map_benchmark.c:214)\nfull_proxy_unlocked_ioctl (fs/debugfs/file.c:333)\n__x64_sys_ioctl (fs/ioctl.c:890)\ndo_syscall_64 
(arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nCompare node ids with sane bounds first. NUMA_NO_NODE is considered a\nspecial valid case meaning that benchmarking kthreads won't be bound to a\ncpuset of a given node.\n\nFound by Linux Verification Center (linuxtesting.org).(CVE-2024-34777)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvpp2: clear BM pool before initialization\n\nRegister value persist after booting the kernel using\nkexec which results in kernel panic. Thus clear the\nBM pool registers before initialisation to fix the issue.(CVE-2024-35837)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Skip do PCI error slot reset during RAS recovery\n\nWhy:\n The PCI error slot reset maybe triggered after inject ue to UMC multi times, this\n caused system hang.\n [ 557.371857] amdgpu 0000:af:00.0: amdgpu: GPU reset succeeded, trying to resume\n [ 557.373718] [drm] PCIE GART of 512M enabled.\n [ 557.373722] [drm] PTB located at 0x0000031FED700000\n [ 557.373788] [drm] VRAM is lost due to GPU reset!\n [ 557.373789] [drm] PSP is resuming...\n [ 557.547012] mlx5_core 0000:55:00.0: mlx5_pci_err_detected Device state = 1 pci_status: 0. Exit, result = 3, need reset\n [ 557.547067] [drm] PCI error: detected callback, state(1)!!\n [ 557.547069] [drm] No support for XGMI hive yet...\n [ 557.548125] mlx5_core 0000:55:00.0: mlx5_pci_slot_reset Device state = 1 pci_status: 0. Enter\n [ 557.607763] mlx5_core 0000:55:00.0: wait vital counter value 0x16b5b after 1 iterations\n [ 557.607777] mlx5_core 0000:55:00.0: mlx5_pci_slot_reset Device state = 1 pci_status: 1. 
Exit, err = 0, result = 5, recovered\n [ 557.610492] [drm] PCI error: slot reset callback!!\n ...\n [ 560.689382] amdgpu 0000:3f:00.0: amdgpu: GPU reset(2) succeeded!\n [ 560.689546] amdgpu 0000:5a:00.0: amdgpu: GPU reset(2) succeeded!\n [ 560.689562] general protection fault, probably for non-canonical address 0x5f080b54534f611f: 0000 [#1] SMP NOPTI\n [ 560.701008] CPU: 16 PID: 2361 Comm: kworker/u448:9 Tainted: G OE 5.15.0-91-generic #101-Ubuntu\n [ 560.712057] Hardware name: Microsoft C278A/C278A, BIOS C2789.5.BS.1C11.AG.1 11/08/2023\n [ 560.720959] Workqueue: amdgpu-reset-hive amdgpu_ras_do_recovery [amdgpu]\n [ 560.728887] RIP: 0010:amdgpu_device_gpu_recover.cold+0xbf1/0xcf5 [amdgpu]\n [ 560.736891] Code: ff 41 89 c6 e9 1b ff ff ff 44 0f b6 45 b0 e9 4f ff ff ff be 01 00 00 00 4c 89 e7 e8 76 c9 8b ff 44 0f b6 45 b0 e9 3c fd ff ff <48> 83 ba 18 02 00 00 00 0f 84 6a f8 ff ff 48 8d 7a 78 be 01 00 00\n [ 560.757967] RSP: 0018:ffa0000032e53d80 EFLAGS: 00010202\n [ 560.763848] RAX: ffa00000001dfd10 RBX: ffa0000000197090 RCX: ffa0000032e53db0\n [ 560.771856] RDX: 5f080b54534f5f07 RSI: 0000000000000000 RDI: ff11000128100010\n [ 560.779867] RBP: ffa0000032e53df0 R08: 0000000000000000 R09: ffffffffffe77f08\n [ 560.787879] R10: 0000000000ffff0a R11: 0000000000000001 R12: 0000000000000000\n [ 560.795889] R13: ffa0000032e53e00 R14: 0000000000000000 R15: 0000000000000000\n [ 560.803889] FS: 0000000000000000(0000) GS:ff11007e7e800000(0000) knlGS:0000000000000000\n [ 560.812973] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 560.819422] CR2: 000055a04c118e68 CR3: 0000000007410005 CR4: 0000000000771ee0\n [ 560.827433] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n [ 560.835433] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n [ 560.843444] PKRU: 55555554\n [ 560.846480] Call Trace:\n [ 560.849225] \n [ 560.851580] ? show_trace_log_lvl+0x1d6/0x2ea\n [ 560.856488] ? show_trace_log_lvl+0x1d6/0x2ea\n [ 560.861379] ? 
amdgpu_ras_do_recovery+0x1b2/0x210 [amdgpu]\n [ 560.867778] ? show_regs.part.0+0x23/0x29\n [ 560.872293] ? __die_body.cold+0x8/0xd\n [ 560.876502] ? die_addr+0x3e/0x60\n [ 560.880238] ? exc_general_protection+0x1c5/0x410\n [ 560.885532] ? asm_exc_general_protection+0x27/0x30\n [ 560.891025] ? amdgpu_device_gpu_recover.cold+0xbf1/0xcf5 [amdgpu]\n [ 560.898323] amdgpu_ras_do_recovery+0x1b2/0x210 [amdgpu]\n [ 560.904520] process_one_work+0x228/0x3d0\nHow:\n In RAS recovery, mode-1 reset is issued from RAS fatal error handling and expected\n all the nodes in a hive to be reset. no need to issue another mode-1 during this procedure.(CVE-2024-35931)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nfs/9p: fix uninitialized values during inode evict\n\nIf an iget fails due to not being able to retrieve information\nfrom the server then the inode structure is only partially\ninitialized. When the inode gets evicted, references to\nuninitialized structures (like fscache cookies) were being\nmade.\n\nThis patch checks for a bad_inode before doing anything other\nthan clearing the inode from the cache. 
Since the inode is\nbad, it shouldn't have any state associated with it that needs\nto be written back (and there really isn't a way to complete\nthose anyways).(CVE-2024-36923)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential kernel bug due to lack of writeback flag waiting\n\nDestructive writes to a block device on which nilfs2 is mounted can cause\na kernel bug in the folio/page writeback start routine or writeback end\nroutine (__folio_start_writeback in the log below):\n\n kernel BUG at mm/page-writeback.c:3070!\n Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\n ...\n RIP: 0010:__folio_start_writeback+0xbaa/0x10e0\n Code: 25 ff 0f 00 00 0f 84 18 01 00 00 e8 40 ca c6 ff e9 17 f6 ff ff\n e8 36 ca c6 ff 4c 89 f7 48 c7 c6 80 c0 12 84 e8 e7 b3 0f 00 90 <0f>\n 0b e8 1f ca c6 ff 4c 89 f7 48 c7 c6 a0 c6 12 84 e8 d0 b3 0f 00\n ...\n Call Trace:\n \n nilfs_segctor_do_construct+0x4654/0x69d0 [nilfs2]\n nilfs_segctor_construct+0x181/0x6b0 [nilfs2]\n nilfs_segctor_thread+0x548/0x11c0 [nilfs2]\n kthread+0x2f0/0x390\n ret_from_fork+0x4b/0x80\n ret_from_fork_asm+0x1a/0x30\n \n\nThis is because when the log writer starts a writeback for segment summary\nblocks or a super root block that use the backing device's page cache, it\ndoes not wait for the ongoing folio/page writeback, resulting in an\ninconsistent writeback state.\n\nFix this issue by waiting for ongoing writebacks when putting\nfolios/pages on the backing device into writeback state.(CVE-2024-37078)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: cdns-mhdp8546: Fix possible null pointer dereference\n\nIn cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is\nassigned to mhdp_state->current_mode, and there is a dereference of it in\ndrm_mode_set_name(), which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate().\n\nFix this bug add a check of 
mhdp_state->current_mode.(CVE-2024-38548)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nwifi: carl9170: add a proper sanity check for endpoints\n\nSyzkaller reports [1] hitting a warning which is caused by presence\nof a wrong endpoint type at the URB sumbitting stage. While there\nwas a check for a specific 4th endpoint, since it can switch types\nbetween bulk and interrupt, other endpoints are trusted implicitly.\nSimilar warning is triggered in a couple of other syzbot issues [2].\n\nFix the issue by doing a comprehensive check of all endpoints\ntaking into account difference between high- and full-speed\nconfiguration.\n\n[1] Syzkaller report:\n...\nWARNING: CPU: 0 PID: 4721 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\n...\nCall Trace:\n \n carl9170_usb_send_rx_irq_urb+0x273/0x340 drivers/net/wireless/ath/carl9170/usb.c:504\n carl9170_usb_init_device drivers/net/wireless/ath/carl9170/usb.c:939 [inline]\n carl9170_usb_firmware_finish drivers/net/wireless/ath/carl9170/usb.c:999 [inline]\n carl9170_usb_firmware_step2+0x175/0x240 drivers/net/wireless/ath/carl9170/usb.c:1028\n request_firmware_work_func+0x130/0x240 drivers/base/firmware_loader/main.c:1107\n process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289\n worker_thread+0x669/0x1090 kernel/workqueue.c:2436\n kthread+0x2e8/0x3a0 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308\n \n\n[2] Related syzkaller crashes:(CVE-2024-38567)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmacintosh/via-macii: Fix \"BUG: sleeping function called from invalid context\"\n\nThe via-macii ADB driver calls request_irq() after disabling hard\ninterrupts. 
But disabling interrupts isn't necessary here because the\nVIA shift register interrupt was masked during VIA1 initialization.(CVE-2024-38607)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: et8ek8: Don't strip remove function when driver is builtin\n\nUsing __exit for the remove function results in the remove callback\nbeing discarded with CONFIG_VIDEO_ET8EK8=y. When such a device gets\nunbound (e.g. using sysfs or hotplug), the driver is just removed\nwithout the cleanup being performed. This results in resource leaks. Fix\nit by compiling in the remove callback unconditionally.\n\nThis also fixes a W=1 modpost warning:\n\n\tWARNING: modpost: drivers/media/i2c/et8ek8/et8ek8: section mismatch in reference: et8ek8_i2c_driver+0x10 (section: .data) -> et8ek8_remove (section: .exit.text)(CVE-2024-38611)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: add error handle to avoid out-of-bounds\n\nif the sdma_v4_0_irq_id_to_seq return -EINVAL, the process should\nbe stop to avoid out-of-bounds read, so directly return -EINVAL.(CVE-2024-39471)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: savage: Handle err return when savagefb_check_var failed\n\nThe commit 04e5eac8f3ab(\"fbdev: savage: Error out if pixclock equals zero\")\nchecks the value of pixclock to avoid divide-by-zero error. However\nthe function savagefb_probe doesn't handle the error return of\nsavagefb_check_var. 
When pixclock is 0, it will cause divide-by-zero error.(CVE-2024-39475)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING\n\nXiao reported that lvm2 test lvconvert-raid-takeover.sh can hang with\nsmall possibility, the root cause is exactly the same as commit\nbed9e27baf52 (\"Revert \"md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d\"\")\n\nHowever, Dan reported another hang after that, and junxiao investigated\nthe problem and found out that this is caused by plugged bio can't issue\nfrom raid5d().\n\nCurrent implementation in raid5d() has a weird dependence:\n\n1) md_check_recovery() from raid5d() must hold 'reconfig_mutex' to clear\n MD_SB_CHANGE_PENDING;\n2) raid5d() handles IO in a deadloop, until all IO are issued;\n3) IO from raid5d() must wait for MD_SB_CHANGE_PENDING to be cleared;\n\nThis behaviour is introduce before v2.6, and for consequence, if other\ncontext hold 'reconfig_mutex', and md_check_recovery() can't update\nsuper_block, then raid5d() will waste one cpu 100% by the deadloop, until\n'reconfig_mutex' is released.\n\nRefer to the implementation from raid1 and raid10, fix this problem by\nskipping issue IO if MD_SB_CHANGE_PENDING is still set after\nmd_check_recovery(), daemon thread will be woken up when 'reconfig_mutex'\nis released. Meanwhile, the hang problem will be fixed as well.(CVE-2024-39476)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmmc: davinci: Don't strip remove function when driver is builtin\n\nUsing __exit for the remove function results in the remove callback being\ndiscarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound (e.g.\nusing sysfs or hotplug), the driver is just removed without the cleanup\nbeing performed. This results in resource leaks. 
Fix it by compiling in the\nremove callback unconditionally.\n\nThis also fixes a W=1 modpost warning:\n\nWARNING: modpost: drivers/mmc/host/davinci_mmc: section mismatch in\nreference: davinci_mmcsd_driver+0x10 (section: .data) ->\ndavinci_mmcsd_remove (section: .exit.text)(CVE-2024-39484)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nliquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet\n\nIn lio_vf_rep_copy_packet() pg_info->page is compared to a NULL value,\nbut then it is unconditionally passed to skb_add_rx_frag() which looks\nstrange and could lead to null pointer dereference.\n\nlio_vf_rep_copy_packet() call trace looks like:\n\tocteon_droq_process_packets\n\t octeon_droq_fast_process_packets\n\t octeon_droq_dispatch_pkt\n\t octeon_create_recv_info\n\t ...search in the dispatch_list...\n\t ->disp_fn(rdisp->rinfo, ...)\n\t lio_vf_rep_pkt_recv(struct octeon_recv_info *recv_info, ...)\nIn this path there is no code which sets pg_info->page to NULL.\nSo this check looks unneeded and doesn't solve potential problem.\nBut I guess the author had reason to add a check and I have no such card\nand can't do real test.\nIn addition, the code in the function liquidio_push_packet() in\nliquidio/lio_core.c does exactly the same.\n\nBased on this, I consider the most acceptable compromise solution to\nadjust this issue by moving skb_add_rx_frag() into conditional scope.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.(CVE-2024-39506)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/io-wq: Use set_bit() and test_bit() at worker->flags\n\nUtilize set_bit() and test_bit() on worker->flags within io_uring/io-wq\nto address potential data races.\n\nThe structure io_worker->flags may be accessed through various data\npaths, leading to concurrency issues. 
When KCSAN is enabled, it reveals\ndata races occurring in io_worker_handle_work and\nio_wq_activate_free_worker functions.\n\n\t BUG: KCSAN: data-race in io_worker_handle_work / io_wq_activate_free_worker\n\t write to 0xffff8885c4246404 of 4 bytes by task 49071 on cpu 28:\n\t io_worker_handle_work (io_uring/io-wq.c:434 io_uring/io-wq.c:569)\n\t io_wq_worker (io_uring/io-wq.c:?)\n\n\n\t read to 0xffff8885c4246404 of 4 bytes by task 49024 on cpu 5:\n\t io_wq_activate_free_worker (io_uring/io-wq.c:? io_uring/io-wq.c:285)\n\t io_wq_enqueue (io_uring/io-wq.c:947)\n\t io_queue_iowq (io_uring/io_uring.c:524)\n\t io_req_task_submit (io_uring/io_uring.c:1511)\n\t io_handle_tw_list (io_uring/io_uring.c:1198)\n\n\nLine numbers against commit 18daea77cca6 (\"Merge tag 'for-linus' of\ngit://git.kernel.org/pub/scm/virt/kvm/kvm\").\n\nThese races involve writes and reads to the same memory location by\ndifferent tasks running on different CPUs. To mitigate this, refactor\nthe code to use atomic operations such as set_bit(), test_bit(), and\nclear_bit() instead of basic \"and\" and \"or\" operations. This ensures\nthread-safe manipulation of worker flags.\n\nAlso, move `create_index` to avoid holes in the structure.(CVE-2024-39508)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nriscv: rewrite __kernel_map_pages() to fix sleeping in invalid context\n\n__kernel_map_pages() is a debug function which clears the valid bit in page\ntable entry for deallocated pages to detect illegal memory accesses to\nfreed pages.\n\nThis function set/clear the valid bit using __set_memory(). __set_memory()\nacquires init_mm's semaphore, and this operation may sleep. This is\nproblematic, because __kernel_map_pages() can be called in atomic context,\nand thus is illegal to sleep. 
An example warning that this causes:\n\nBUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1578\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2, name: kthreadd\npreempt_count: 2, expected: 0\nCPU: 0 PID: 2 Comm: kthreadd Not tainted 6.9.0-g1d4c6d784ef6 #37\nHardware name: riscv-virtio,qemu (DT)\nCall Trace:\n[] dump_backtrace+0x1c/0x24\n[] show_stack+0x2c/0x38\n[] dump_stack_lvl+0x5a/0x72\n[] dump_stack+0x14/0x1c\n[] __might_resched+0x104/0x10e\n[] __might_sleep+0x3e/0x62\n[] down_write+0x20/0x72\n[] __set_memory+0x82/0x2fa\n[] __kernel_map_pages+0x5a/0xd4\n[] __alloc_pages_bulk+0x3b2/0x43a\n[] __vmalloc_node_range+0x196/0x6ba\n[] copy_process+0x72c/0x17ec\n[] kernel_clone+0x60/0x2fe\n[] kernel_thread+0x82/0xa0\n[] kthreadd+0x14a/0x1be\n[] ret_from_fork+0xe/0x1c\n\nRewrite this function with apply_to_existing_page_range(). It is fine to\nnot have any locking, because __kernel_map_pages() works with pages being\nallocated/deallocated and those pages are not changed by anyone else in the\nmeantime.(CVE-2024-40915)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\niommu: Return right value in iommu_sva_bind_device()\n\niommu_sva_bind_device() should return either a sva bond handle or an\nERR_PTR value in error cases. Existing drivers (idxd and uacce) only\ncheck the return value with IS_ERR(). 
This could potentially lead to\na kernel NULL pointer dereference issue if the function returns NULL\ninstead of an error pointer.\n\nIn reality, this doesn't cause any problems because iommu_sva_bind_device()\nonly returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA.\nIn this case, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) will\nreturn an error, and the device drivers won't call iommu_sva_bind_device()\nat all.(CVE-2024-40945)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nima: Avoid blocking in RCU read-side critical section\n\nA panic happens in ima_match_policy:\n\nBUG: unable to handle kernel NULL pointer dereference at 0000000000000010\nPGD 42f873067 P4D 0\nOops: 0000 [#1] SMP NOPTI\nCPU: 5 PID: 1286325 Comm: kubeletmonit.sh\nKdump: loaded Tainted: P\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\n BIOS 0.0.0 02/06/2015\nRIP: 0010:ima_match_policy+0x84/0x450\nCode: 49 89 fc 41 89 cf 31 ed 89 44 24 14 eb 1c 44 39\n 7b 18 74 26 41 83 ff 05 74 20 48 8b 1b 48 3b 1d\n f2 b9 f4 00 0f 84 9c 01 00 00 <44> 85 73 10 74 ea\n 44 8b 6b 14 41 f6 c5 01 75 d4 41 f6 c5 02 74 0f\nRSP: 0018:ff71570009e07a80 EFLAGS: 00010207\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000200\nRDX: ffffffffad8dc7c0 RSI: 0000000024924925 RDI: ff3e27850dea2000\nRBP: 0000000000000000 R08: 0000000000000000 R09: ffffffffabfce739\nR10: ff3e27810cc42400 R11: 0000000000000000 R12: ff3e2781825ef970\nR13: 00000000ff3e2785 R14: 000000000000000c R15: 0000000000000001\nFS: 00007f5195b51740(0000)\nGS:ff3e278b12d40000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000010 CR3: 0000000626d24002 CR4: 0000000000361ee0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n ima_get_action+0x22/0x30\n process_measurement+0xb0/0x830\n ? page_add_file_rmap+0x15/0x170\n ? alloc_set_pte+0x269/0x4c0\n ? 
prep_new_page+0x81/0x140\n ? simple_xattr_get+0x75/0xa0\n ? selinux_file_open+0x9d/0xf0\n ima_file_check+0x64/0x90\n path_openat+0x571/0x1720\n do_filp_open+0x9b/0x110\n ? page_counter_try_charge+0x57/0xc0\n ? files_cgroup_alloc_fd+0x38/0x60\n ? __alloc_fd+0xd4/0x250\n ? do_sys_open+0x1bd/0x250\n do_sys_open+0x1bd/0x250\n do_syscall_64+0x5d/0x1d0\n entry_SYSCALL_64_after_hwframe+0x65/0xca\n\nCommit c7423dbdbc9e (\"ima: Handle -ESTALE returned by\nima_filter_rule_match()\") introduced call to ima_lsm_copy_rule within a\nRCU read-side critical section which contains kmalloc with GFP_KERNEL.\nThis implies a possible sleep and violates limitations of RCU read-side\ncritical sections on non-PREEMPT systems.\n\nSleeping within RCU read-side critical section might cause\nsynchronize_rcu() returning early and break RCU protection, allowing a\nUAF to happen.\n\nThe root cause of this issue could be described as follows:\n|\tThread A\t|\tThread B\t|\n|\t\t\t|ima_match_policy\t|\n|\t\t\t| rcu_read_lock\t|\n|ima_lsm_update_rule\t|\t\t\t|\n| synchronize_rcu\t|\t\t\t|\n|\t\t\t| kmalloc(GFP_KERNEL)|\n|\t\t\t| sleep\t\t|\n==> synchronize_rcu returns early\n| kfree(entry)\t\t|\t\t\t|\n|\t\t\t| entry = entry->next|\n==> UAF happens and entry now becomes NULL (or could be anything).\n|\t\t\t| entry->action\t|\n==> Accessing entry might cause panic.\n\nTo fix this issue, we are converting all kmalloc that is called within\nRCU read-side critical section to use GFP_ATOMIC.\n\n[PM: fixed missing comment, long lines, !CONFIG_IMA_LSM_RULES case](CVE-2024-40947)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list\n\nUse list_for_each_entry_safe() to allow iterating through the list and\ndeleting the entry in the iteration process. 
The descriptor is freed via\nidxd_desc_complete() and there's a slight chance may cause issue for\nthe list iterator when the descriptor is reused by another thread\nwithout it being deleted from the list.(CVE-2024-40956)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent possible NULL dereference in rt6_probe()\n\nsyzbot caught a NULL dereference in rt6_probe() [1]\n\nBail out if __in6_dev_get() returns NULL.\n\n[1]\nOops: general protection fault, probably for non-canonical address 0xdffffc00000000cb: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000658-0x000000000000065f]\nCPU: 1 PID: 22444 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00383-gb8481381d4e2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\n RIP: 0010:rt6_probe net/ipv6/route.c:656 [inline]\n RIP: 0010:find_match+0x8c4/0xf50 net/ipv6/route.c:758\nCode: 14 fd f7 48 8b 85 38 ff ff ff 48 c7 45 b0 00 00 00 00 48 8d b8 5c 06 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 19\nRSP: 0018:ffffc900034af070 EFLAGS: 00010203\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90004521000\nRDX: 00000000000000cb RSI: ffffffff8990d0cd RDI: 000000000000065c\nRBP: ffffc900034af150 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000002 R12: 000000000000000a\nR13: 1ffff92000695e18 R14: ffff8880244a1d20 R15: 0000000000000000\nFS: 00007f4844a5a6c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b31b27000 CR3: 000000002d42c000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n rt6_nh_find_match+0xfa/0x1a0 net/ipv6/route.c:784\n nexthop_for_each_fib6_nh+0x26d/0x4a0 net/ipv4/nexthop.c:1496\n 
__find_rr_leaf+0x6e7/0xe00 net/ipv6/route.c:825\n find_rr_leaf net/ipv6/route.c:853 [inline]\n rt6_select net/ipv6/route.c:897 [inline]\n fib6_table_lookup+0x57e/0xa30 net/ipv6/route.c:2195\n ip6_pol_route+0x1cd/0x1150 net/ipv6/route.c:2231\n pol_lookup_func include/net/ip6_fib.h:616 [inline]\n fib6_rule_lookup+0x386/0x720 net/ipv6/fib6_rules.c:121\n ip6_route_output_flags_noref net/ipv6/route.c:2639 [inline]\n ip6_route_output_flags+0x1d0/0x640 net/ipv6/route.c:2651\n ip6_dst_lookup_tail.constprop.0+0x961/0x1760 net/ipv6/ip6_output.c:1147\n ip6_dst_lookup_flow+0x99/0x1d0 net/ipv6/ip6_output.c:1250\n rawv6_sendmsg+0xdab/0x4340 net/ipv6/raw.c:898\n inet_sendmsg+0x119/0x140 net/ipv4/af_inet.c:853\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_write_iter+0x4b8/0x5c0 net/socket.c:1160\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0x6b6/0x1140 fs/read_write.c:590\n ksys_write+0x1f8/0x260 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f(CVE-2024-40960)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmips: bmips: BCM6358: make sure CBR is correctly set\n\nIt was discovered that some device have CBR address set to 0 causing\nkernel panic when arch_sync_dma_for_cpu_all is called.\n\nThis was notice in situation where the system is booted from TP1 and\nBMIPS_GET_CBR() returns 0 instead of a valid address and\n!!(read_c0_brcm_cmt_local() & (1 << 31)); not failing.\n\nThe current check whether RAC flush should be disabled or not are not\nenough hence lets check if CBR is a valid address or not.(CVE-2024-40963)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nserial: imx: Introduce timeout when waiting on transmitter empty\n\nBy waiting at most 1 second for USR2_TXDC to be set, we avoid a potential\ndeadlock.\n\nIn case of the timeout, there is not 
much we can do, so we simply ignore\nthe transmitter state and optimistically try to continue.(CVE-2024-40967)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\next4: do not create EA inode under buffer lock\n\next4_xattr_set_entry() creates new EA inodes while holding buffer lock\non the external xattr block. This is problematic as it nests all the\nallocation locking (which acquires locks on other buffers) under the\nbuffer lock. This can even deadlock when the filesystem is corrupted and\ne.g. quota file is setup to contain xattr block as data block. Move the\nallocation of EA inode out of ext4_xattr_set_entry() into the callers.(CVE-2024-40972)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: replace spin_lock by raw_spin_lock\n\ntrace_drop_common() is called with preemption disabled, and it acquires\na spin_lock. This is problematic for RT kernels because spin_locks are\nsleeping locks in this configuration, which causes the following splat:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47\npreempt_count: 1, expected: 0\nRCU nest depth: 2, expected: 2\n5 locks held by rcuc/47/449:\n #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210\n #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130\n #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210\n #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70\n #4: ff1100086ee07520 (&data->lock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290\nirq event stamp: 139909\nhardirqs last enabled at (139908): [] _raw_spin_unlock_irqrestore+0x63/0x80\nhardirqs last disabled at (139909): [] trace_drop_common.constprop.0+0x26d/0x290\nsoftirqs last enabled at (139892): [] __local_bh_enable_ip+0x103/0x170\nsoftirqs last 
disabled at (139898): [] rcu_cpu_kthread+0x93/0x1f0\nPreemption disabled at:\n[] rt_mutex_slowunlock+0xab/0x2e0\nCPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7\nHardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022\nCall Trace:\n \n dump_stack_lvl+0x8c/0xd0\n dump_stack+0x14/0x20\n __might_resched+0x21e/0x2f0\n rt_spin_lock+0x5e/0x130\n ? trace_drop_common.constprop.0+0xb5/0x290\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_drop_common.constprop.0+0xb5/0x290\n ? preempt_count_sub+0x1c/0xd0\n ? _raw_spin_unlock_irqrestore+0x4a/0x80\n ? __pfx_trace_drop_common.constprop.0+0x10/0x10\n ? rt_mutex_slowunlock+0x26a/0x2e0\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_rt_mutex_slowunlock+0x10/0x10\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_kfree_skb_hit+0x15/0x20\n trace_kfree_skb+0xe9/0x150\n kfree_skb_reason+0x7b/0x110\n skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10\n ? mark_lock.part.0+0x8a/0x520\n...\n\ntrace_drop_common() also disables interrupts, but this is a minor issue\nbecause we could easily replace it with a local_lock.\n\nReplace the spin_lock with raw_spin_lock to avoid sleeping in atomic\ncontext.(CVE-2024-40980)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: bypass empty buckets in batadv_purge_orig_ref()\n\nMany syzbot reports are pointing to soft lockups in\nbatadv_purge_orig_ref() [1]\n\nRoot cause is unknown, but we can avoid spending too much\ntime there and perhaps get more interesting reports.\n\n[1]\n\nwatchdog: BUG: soft lockup - CPU#0 stuck for 27s! 
[kworker/u4:6:621]\nModules linked in:\nirq event stamp: 6182794\n hardirqs last enabled at (6182793): [] __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386\n hardirqs last disabled at (6182794): [] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\n hardirqs last disabled at (6182794): [] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\n softirqs last enabled at (6182792): [] spin_unlock_bh include/linux/spinlock.h:396 [inline]\n softirqs last enabled at (6182792): [] batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287\n softirqs last disabled at (6182790): [] spin_lock_bh include/linux/spinlock.h:356 [inline]\n softirqs last disabled at (6182790): [] batadv_purge_orig_ref+0x164/0x1228 net/batman-adv/originator.c:1271\nCPU: 0 PID: 621 Comm: kworker/u4:6 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\nWorkqueue: bat_events batadv_purge_orig\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : should_resched arch/arm64/include/asm/preempt.h:79 [inline]\n pc : __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:388\n lr : __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386\nsp : ffff800099007970\nx29: ffff800099007980 x28: 1fffe00018fce1bd x27: dfff800000000000\nx26: ffff0000d2620008 x25: ffff0000c7e70de8 x24: 0000000000000001\nx23: 1fffe00018e57781 x22: dfff800000000000 x21: ffff80008aab71c4\nx20: ffff0001b40136c0 x19: ffff0000c72bbc08 x18: 1fffe0001a817bb0\nx17: ffff800125414000 x16: ffff80008032116c x15: 0000000000000001\nx14: 1fffe0001ee9d610 x13: 0000000000000000 x12: 0000000000000003\nx11: 0000000000000000 x10: 0000000000ff0100 x9 : 0000000000000000\nx8 : 00000000005e5789 x7 : ffff80008aab61dc x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000\nx2 : 0000000000000006 x1 : 0000000000000080 x0 : ffff800125414000\nCall trace:\n __daif_local_irq_enable 
arch/arm64/include/asm/irqflags.h:27 [inline]\n arch_local_irq_enable arch/arm64/include/asm/irqflags.h:49 [inline]\n __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:386\n __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]\n _raw_spin_unlock_bh+0x3c/0x4c kernel/locking/spinlock.c:210\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287\n batadv_purge_orig+0x20/0x70 net/batman-adv/originator.c:1300\n process_one_work+0x694/0x1204 kernel/workqueue.c:2633\n process_scheduled_works kernel/workqueue.c:2706 [inline]\n worker_thread+0x938/0xef4 kernel/workqueue.c:2787\n kthread+0x288/0x310 kernel/kthread.c:388\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860\nSending NMI from CPU 0 to CPUs 1:\nNMI backtrace for cpu 1\nCPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:51\n lr : default_idle_call+0xf8/0x128 kernel/sched/idle.c:103\nsp : ffff800093a17d30\nx29: ffff800093a17d30 x28: dfff800000000000 x27: 1ffff00012742fb4\nx26: ffff80008ec9d000 x25: 0000000000000000 x24: 0000000000000002\nx23: 1ffff00011d93a74 x22: ffff80008ec9d3a0 x21: 0000000000000000\nx20: ffff0000c19dbc00 x19: ffff8000802d0fd8 x18: 1fffe00036804396\nx17: ffff80008ec9d000 x16: ffff8000802d089c x15: 0000000000000001\n---truncated---(CVE-2024-40981)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nssb: Fix potential NULL pointer dereference in ssb_device_uevent()\n\nThe ssb_device_uevent() function first attempts to convert the 'dev' pointer\nto 'struct ssb_device *'. 
However, it mistakenly dereferences 'dev' before\nperforming the NULL check, potentially leading to a NULL pointer\ndereference if 'dev' is NULL.\n\nTo fix this issue, move the NULL check before dereferencing the 'dev' pointer,\nensuring that the pointer is valid before attempting to use it.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.(CVE-2024-40982)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()\n\nsyzbot found hanging tasks waiting on rtnl_lock [1]\n\nA reproducer is available in the syzbot bug.\n\nWhen a request to add multiple actions with the same index is sent, the\nsecond request will block forever on the first request. This holds\nrtnl_lock, and causes tasks to hang.\n\nReturn -EAGAIN to prevent infinite looping, while keeping documented\nbehavior.\n\n[1]\n\nINFO: task kworker/1:0:5088 blocked for more than 143 seconds.\nNot tainted 6.9.0-rc4-syzkaller-00173-g3cdb45594619 #0\n\"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:kworker/1:0 state:D stack:23744 pid:5088 tgid:5088 ppid:2 flags:0x00004000\nWorkqueue: events_power_efficient reg_check_chans_work\nCall Trace:\n\ncontext_switch kernel/sched/core.c:5409 [inline]\n__schedule+0xf15/0x5d00 kernel/sched/core.c:6746\n__schedule_loop kernel/sched/core.c:6823 [inline]\nschedule+0xe7/0x350 kernel/sched/core.c:6838\nschedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6895\n__mutex_lock_common kernel/locking/mutex.c:684 [inline]\n__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752\nwiphy_lock include/net/cfg80211.h:5953 [inline]\nreg_leave_invalid_chans net/wireless/reg.c:2466 [inline]\nreg_check_chans_work+0x10a/0x10e0 net/wireless/reg.c:2481(CVE-2024-40995)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: don't allow mapping the MMIO HDP page with large pages\n\nWe don't get the right offset in that case. 
The GPU has\nan unused 4K area of the register BAR space into which you can\nremap registers. We remap the HDP flush registers into this\nspace to allow userspace (CPU or GPU) to flush the HDP when it\nupdates VRAM. However, on systems with >4K pages, we end up\nexposing PAGE_SIZE of MMIO space.(CVE-2024-41011)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for kernel is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"kernel", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1942", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1942" + }, + { + "summary":"CVE-2021-47205", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-47205&packageName=kernel" + }, + { + "summary":"CVE-2022-48703", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48703&packageName=kernel" + }, + { + "summary":"CVE-2022-48859", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48859&packageName=kernel" + }, + { + "summary":"CVE-2023-52679", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-52679&packageName=kernel" + }, + { + "summary":"CVE-2023-52764", + 
"category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-52764&packageName=kernel" + }, + { + "summary":"CVE-2024-26988", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-26988&packageName=kernel" + }, + { + "summary":"CVE-2024-27012", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-27012&packageName=kernel" + }, + { + "summary":"CVE-2024-27032", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-27032&packageName=kernel" + }, + { + "summary":"CVE-2024-27038", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-27038&packageName=kernel" + }, + { + "summary":"CVE-2024-27047", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-27047&packageName=kernel" + }, + { + "summary":"CVE-2024-27052", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-27052&packageName=kernel" + }, + { + "summary":"CVE-2024-27065", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-27065&packageName=kernel" + }, + { + "summary":"CVE-2024-27412", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-27412&packageName=kernel" + }, + { + "summary":"CVE-2024-27416", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-27416&packageName=kernel" + }, + { + "summary":"CVE-2024-34777", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-34777&packageName=kernel" + }, + { + "summary":"CVE-2024-35837", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-35837&packageName=kernel" + }, + { + "summary":"CVE-2024-35931", + "category":"self", + 
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-35931&packageName=kernel" + }, + { + "summary":"CVE-2024-36923", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36923&packageName=kernel" + }, + { + "summary":"CVE-2024-37078", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-37078&packageName=kernel" + }, + { + "summary":"CVE-2024-38548", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38548&packageName=kernel" + }, + { + "summary":"CVE-2024-38567", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38567&packageName=kernel" + }, + { + "summary":"CVE-2024-38607", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38607&packageName=kernel" + }, + { + "summary":"CVE-2024-38611", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38611&packageName=kernel" + }, + { + "summary":"CVE-2024-39471", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39471&packageName=kernel" + }, + { + "summary":"CVE-2024-39475", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39475&packageName=kernel" + }, + { + "summary":"CVE-2024-39476", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39476&packageName=kernel" + }, + { + "summary":"CVE-2024-39484", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39484&packageName=kernel" + }, + { + "summary":"CVE-2024-39506", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39506&packageName=kernel" + }, + { + "summary":"CVE-2024-39508", + "category":"self", + 
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39508&packageName=kernel" + }, + { + "summary":"CVE-2024-40915", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40915&packageName=kernel" + }, + { + "summary":"CVE-2024-40945", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40945&packageName=kernel" + }, + { + "summary":"CVE-2024-40947", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40947&packageName=kernel" + }, + { + "summary":"CVE-2024-40956", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40956&packageName=kernel" + }, + { + "summary":"CVE-2024-40960", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40960&packageName=kernel" + }, + { + "summary":"CVE-2024-40963", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40963&packageName=kernel" + }, + { + "summary":"CVE-2024-40967", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40967&packageName=kernel" + }, + { + "summary":"CVE-2024-40972", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40972&packageName=kernel" + }, + { + "summary":"CVE-2024-40980", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40980&packageName=kernel" + }, + { + "summary":"CVE-2024-40981", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40981&packageName=kernel" + }, + { + "summary":"CVE-2024-40982", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40982&packageName=kernel" + }, + { + "summary":"CVE-2024-40995", + "category":"self", + 
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40995&packageName=kernel" + }, + { + "summary":"CVE-2024-41011", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41011&packageName=kernel" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2021-47205" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48703" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48859" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52679" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52764" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26988" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27012" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27032" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27038" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27047" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27052" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27065" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27412" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27416" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34777" + }, + { + 
"summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-35837" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-35931" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36923" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37078" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38548" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38567" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38607" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38611" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39471" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39475" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39476" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39484" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39506" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39508" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40915" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40945" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40947" + }, + { + "summary":"nvd cve", + 
"category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40956" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40960" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40963" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40967" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40972" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40980" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40981" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40982" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40995" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41011" + }, + { + "summary":"openEuler-SA-2024-1942 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1942.json" + } + ], + "title":"An update for kernel is now available for openEuler-22.03-LTS-SP3", + "tracking":{ + "initial_release_date":"2024-08-02T19:42:23+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:42:23+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T10:55:00+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T10:55:00+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T10:55:00+08:00", + "id":"openEuler-SA-2024-1942", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + 
"branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openEuler-22.03-LTS-SP3", + "name":"openEuler-22.03-LTS-SP3" + }, + "name":"openEuler-22.03-LTS-SP3", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "name":"kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm" + }, + "name":"kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "name":"kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm" + }, + "name":"kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "name":"kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm" + }, + "name":"kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "name":"kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm" + }, + "name":"kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + 
"product_id":"perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "name":"perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm" + }, + "name":"perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "name":"kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm" + }, + "name":"kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "name":"kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm" + }, + "name":"kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "name":"kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm" + }, + "name":"kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "name":"kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm" + }, + "name":"kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "name":"python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm" + }, + 
"name":"python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "name":"python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm" + }, + "name":"python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "name":"kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm" + }, + "name":"kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"perf-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "name":"perf-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm" + }, + "name":"perf-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-5.10.0-221.0.0.124.oe2203sp3.src.rpm", + "name":"kernel-5.10.0-221.0.0.124.oe2203sp3.src.rpm" + }, + "name":"kernel-5.10.0-221.0.0.124.oe2203sp3.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "name":"kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm" + }, + "name":"kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + 
"category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "name":"python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm" + }, + "name":"python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "name":"kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm" + }, + "name":"kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "name":"perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm" + }, + "name":"perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "name":"kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm" + }, + "name":"kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "name":"kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm" + }, + "name":"kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"perf-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + 
"name":"perf-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm" + }, + "name":"perf-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "name":"kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm" + }, + "name":"kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "name":"python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm" + }, + "name":"python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "name":"kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm" + }, + "name":"kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "name":"kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm" + }, + "name":"kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "name":"kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm" + }, + "name":"kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + 
"product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "name":"kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm" + }, + "name":"kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "name":"kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "name":"kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "name":"kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "name":"kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64 as a component of 
openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "name":"perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "name":"kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "name":"kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "name":"kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"name":"kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "name":"python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "name":"python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "name":"kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"perf-5.10.0-221.0.0.124.oe2203sp3.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "name":"perf-5.10.0-221.0.0.124.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-5.10.0-221.0.0.124.oe2203sp3.src.rpm", + "full_product_name":{ + 
"product_id":"openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "name":"kernel-5.10.0-221.0.0.124.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "name":"kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "name":"python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "name":"kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "name":"perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + 
"product_reference":"kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "name":"kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "name":"kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"perf-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "name":"perf-5.10.0-221.0.0.124.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "name":"kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "name":"python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + 
"product_reference":"kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "name":"kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "name":"kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "name":"kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "name":"kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2021-47205", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nclk: sunxi-ng: Unregister clocks/resets when unbinding\n\nCurrently, unbinding a CCU driver unmaps the device's MMIO region, while\nleaving its clocks/resets and their providers registered. 
This can cause\na page fault later when some clock operation tries to perform MMIO. Fix\nthis by separating the CCU initialization from the memory allocation,\nand then using a devres callback to unregister the clocks and resets.\n\nThis also fixes a memory leak of the `struct ccu_reset`, and uses the\ncorrect owner (the specific platform driver) for the clocks and resets.\n\nEarly OF clock providers are never unregistered, and limited error\nhandling is possible, so they are mostly unchanged. The error reporting\nis made more consistent by moving the message inside of_sunxi_ccu_probe.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2021-47205" + }, + { + "cve":"CVE-2022-48703", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/int340x_thermal: handle data_vault when the value is 
ZERO_SIZE_PTR\n\nIn some case, the GDDV returns a package with a buffer which has\nzero length. It causes that kmemdup() returns ZERO_SIZE_PTR (0x10).\n\nThen the data_vault_read() got NULL point dereference problem when\naccessing the 0x10 value in data_vault.\n\n[ 71.024560] BUG: kernel NULL pointer dereference, address:\n0000000000000010\n\nThis patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR or\nNULL value in data_vault.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + 
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2022-48703" + }, + { + "cve":"CVE-2022-48859", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr\n\nThis node pointer is returned by of_find_compatible_node() 
with\nrefcount incremented. Calling of_node_put() to aovid the refcount leak.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2022-48859" + }, + { + "cve":"CVE-2023-52679", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nof: Fix double free in of_parse_phandle_with_args_map\n\nIn of_parse_phandle_with_args_map() the inner loop that\niterates through the map entries calls of_node_put(new)\nto free the reference acquired by the previous iteration\nof the inner loop. 
This assumes that the value of \"new\" is\nNULL on the first iteration of the inner loop.\n\nMake sure that this is true in all iterations of the outer\nloop by setting \"new\" to NULL after its value is assigned to \"cur\".\n\nExtend the unittest to detect the double free and add an additional\ntest case that actually triggers this path.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2023-52679" + }, + { + "cve":"CVE-2023-52764", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: gspca: cpia1: shift-out-of-bounds in set_flicker\n\nSyzkaller reported the following issue:\nUBSAN: shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27\nshift exponent 245 is too large for 32-bit type 'int'\n\nWhen the value of the variable \"sd->params.exposure.gain\" exceeds the\nnumber of bits in an 
integer, a shift-out-of-bounds error is reported. It\nis triggered because the variable \"currentexp\" cannot be left-shifted by\nmore than the number of bits in an integer. In order to avoid invalid\nrange during left-shift, the conditional expression is added.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2023-52764" + }, + { + "cve":"CVE-2024-26988", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ninit/main.c: Fix potential static_command_line memory overflow\n\nWe allocate memory of size 'xlen + strlen(boot_command_line) + 1' for\nstatic_command_line, but the strings copied into static_command_line are\nextra_command_line and command_line, rather than extra_command_line and\nboot_command_line.\n\nWhen strlen(command_line) > strlen(boot_command_line), static_command_line\nwill overflow.\n\nThis 
patch just recovers strlen(command_line) which was miss-consolidated\nwith strlen(boot_command_line) in the commit f5c7310ac73e (\"init/main: add\nchecks for the return value of memblock_alloc*()\")", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.3, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-26988" + }, + { + "cve":"CVE-2024-27012", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: restore set elements when delete set fails\n\nFrom abort path, nft_mapelem_activate() needs to restore refcounters to\nthe original state. Currently, it uses the set->ops->walk() to iterate\nover these set elements. 
The existing set iterator skips inactive\nelements in the next generation, this does not work from the abort path\nto restore the original state since it has to skip active elements\ninstead (not inactive ones).\n\nThis patch moves the check for inactive elements to the set iterator\ncallback, then it reverses the logic for the .activate case which\nneeds to skip active elements.\n\nToggle next generation bit for elements when delete set command is\ninvoked and call nft_clear() from .activate (abort) path to restore the\nnext generation bit.\n\nThe splat below shows an object in mappings memleak:\n\n[43929.457523] ------------[ cut here ]------------\n[43929.457532] WARNING: CPU: 0 PID: 1139 at include/net/netfilter/nf_tables.h:1237 nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables]\n[...]\n[43929.458014] RIP: 0010:nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables]\n[43929.458076] Code: 83 f8 01 77 ab 49 8d 7c 24 08 e8 37 5e d0 de 49 8b 6c 24 08 48 8d 7d 50 e8 e9 5c d0 de 8b 45 50 8d 50 ff 89 55 50 85 c0 75 86 <0f> 0b eb 82 0f 0b eb b3 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90\n[43929.458081] RSP: 0018:ffff888140f9f4b0 EFLAGS: 00010246\n[43929.458086] RAX: 0000000000000000 RBX: ffff8881434f5288 RCX: dffffc0000000000\n[43929.458090] RDX: 00000000ffffffff RSI: ffffffffa26d28a7 RDI: ffff88810ecc9550\n[43929.458093] RBP: ffff88810ecc9500 R08: 0000000000000001 R09: ffffed10281f3e8f\n[43929.458096] R10: 0000000000000003 R11: ffff0000ffff0000 R12: ffff8881434f52a0\n[43929.458100] R13: ffff888140f9f5f4 R14: ffff888151c7a800 R15: 0000000000000002\n[43929.458103] FS: 00007f0c687c4740(0000) GS:ffff888390800000(0000) knlGS:0000000000000000\n[43929.458107] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[43929.458111] CR2: 00007f58dbe5b008 CR3: 0000000123602005 CR4: 00000000001706f0\n[43929.458114] Call Trace:\n[43929.458118] \n[43929.458121] ? __warn+0x9f/0x1a0\n[43929.458127] ? nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables]\n[43929.458188] ? 
report_bug+0x1b1/0x1e0\n[43929.458196] ? handle_bug+0x3c/0x70\n[43929.458200] ? exc_invalid_op+0x17/0x40\n[43929.458211] ? nft_setelem_data_deactivate+0xd7/0xf0 [nf_tables]\n[43929.458271] ? nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables]\n[43929.458332] nft_mapelem_deactivate+0x24/0x30 [nf_tables]\n[43929.458392] nft_rhash_walk+0xdd/0x180 [nf_tables]\n[43929.458453] ? __pfx_nft_rhash_walk+0x10/0x10 [nf_tables]\n[43929.458512] ? rb_insert_color+0x2e/0x280\n[43929.458520] nft_map_deactivate+0xdc/0x1e0 [nf_tables]\n[43929.458582] ? __pfx_nft_map_deactivate+0x10/0x10 [nf_tables]\n[43929.458642] ? __pfx_nft_mapelem_deactivate+0x10/0x10 [nf_tables]\n[43929.458701] ? __rcu_read_unlock+0x46/0x70\n[43929.458709] nft_delset+0xff/0x110 [nf_tables]\n[43929.458769] nft_flush_table+0x16f/0x460 [nf_tables]\n[43929.458830] nf_tables_deltable+0x501/0x580 [nf_tables]", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" 
+ ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-27012" + }, + { + "cve":"CVE-2024-27032", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid potential panic during recovery\n\nDuring recovery, if FAULT_BLOCK is on, it is possible that\nf2fs_reserve_new_block() will return -ENOSPC during recovery,\nthen it may trigger panic.\n\nAlso, if fault injection rate is 1 and only FAULT_BLOCK fault\ntype is on, it may encounter deadloop in loop of block reservation.\n\nLet's change as below to fix these issues:\n- remove bug_on() to avoid panic.\n- limit the loop count of block reservation to avoid potential\ndeadloop.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + 
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-27032" + }, + { + "cve":"CVE-2024-27038", + "notes":[ + { + 
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nclk: Fix clk_core_get NULL dereference\n\nIt is possible for clk_core_get to dereference a NULL in the following\nsequence:\n\nclk_core_get()\n of_clk_get_hw_from_clkspec()\n __of_clk_get_hw_from_provider()\n __clk_get_hw()\n\n__clk_get_hw() can return NULL which is dereferenced by clk_core_get() at\nhw->core.\n\nPrior to commit dde4eff47c82 (\"clk: Look for parents with clkdev based\nclk_lookups\") the check IS_ERR_OR_NULL() was performed which would have\ncaught the NULL.\n\nReading the description of this function it talks about returning NULL but\nthat cannot be so at the moment.\n\nUpdate the function to check for hw before dereferencing it and return NULL\nif hw is NULL.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + 
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-27038" + }, + { + "cve":"CVE-2024-27047", + "notes":[ + { + 
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: fix phy_get_internal_delay accessing an empty array\n\nThe phy_get_internal_delay function could try to access to an empty\narray in the case that the driver is calling phy_get_internal_delay\nwithout defining delay_values and rx-internal-delay-ps or\ntx-internal-delay-ps is defined to 0 in the device-tree.\nThis will lead to \"unable to handle kernel NULL pointer dereference at\nvirtual address 0\". To avoid this kernel oops, the test should be delay\n>= 0. As there is already delay < 0 test just before, the test could\nonly be size == 0.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-27047" + }, + { + "cve":"CVE-2024-27052", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been 
resolved:\n\nwifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work\n\nThe workqueue might still be running, when the driver is stopped. To\navoid a use-after-free, call cancel_work_sync() in rtl8xxxu_stop().", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.7, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-27052" + }, + { + "cve":"CVE-2024-27065", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: do not compare internal table flags on updates\n\nRestore skipping transaction if table update does not modify flags.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + 
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-27065" + }, + { + "cve":"CVE-2024-27412", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: bq27xxx-i2c: Do not free non existing IRQ\n\nThe bq27xxx i2c-client may not have an IRQ, in which case\nclient->irq will be 0. bq27xxx_battery_i2c_probe() already has\nan if (client->irq) check wrapping the request_threaded_irq().\n\nBut bq27xxx_battery_i2c_remove() unconditionally calls\nfree_irq(client->irq) leading to:\n\n[ 190.310742] ------------[ cut here ]------------\n[ 190.310843] Trying to free already-free IRQ 0\n[ 190.310861] WARNING: CPU: 2 PID: 1304 at kernel/irq/manage.c:1893 free_irq+0x1b8/0x310\n\nFollowed by a backtrace when unbinding the driver. 
Add\nan if (client->irq) to bq27xxx_battery_i2c_remove() mirroring\nprobe() to fix this.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-27412" + }, + { + "cve":"CVE-2024-27416", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST\n\nIf we received HCI_EV_IO_CAPA_REQUEST while\nHCI_OP_READ_REMOTE_EXT_FEATURES is yet to be responded assume the remote\ndoes support SSP since otherwise this event shouldn't be generated.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" 
+ ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-27416" + }, + { + "cve":"CVE-2024-34777", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndma-mapping: benchmark: fix node id validation\n\nWhile validating node ids in map_benchmark_ioctl(), node_possible() may\nbe provided with invalid argument outside of [0,MAX_NUMNODES-1] range\nleading to:\n\nBUG: KASAN: wild-memory-access in map_benchmark_ioctl (kernel/dma/map_benchmark.c:214)\nRead of size 8 at addr 1fffffff8ccb6398 by task dma_map_benchma/971\nCPU: 7 PID: 971 Comm: dma_map_benchma Not tainted 6.9.0-rc6 #37\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n \ndump_stack_lvl (lib/dump_stack.c:117)\nkasan_report (mm/kasan/report.c:603)\nkasan_check_range (mm/kasan/generic.c:189)\nvariable_test_bit (arch/x86/include/asm/bitops.h:227) [inline]\narch_test_bit (arch/x86/include/asm/bitops.h:239) [inline]\n_test_bit at (include/asm-generic/bitops/instrumented-non-atomic.h:142) [inline]\nnode_state (include/linux/nodemask.h:423) [inline]\nmap_benchmark_ioctl (kernel/dma/map_benchmark.c:214)\nfull_proxy_unlocked_ioctl 
(fs/debugfs/file.c:333)\n__x64_sys_ioctl (fs/ioctl.c:890)\ndo_syscall_64 (arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nCompare node ids with sane bounds first. NUMA_NO_NODE is considered a\nspecial valid case meaning that benchmarking kthreads won't be bound to a\ncpuset of a given node.\n\nFound by Linux Verification Center (linuxtesting.org).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.1, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-34777" + }, + { + "cve":"CVE-2024-35837", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvpp2: clear BM pool before initialization\n\nRegister value persist after booting the kernel using\nkexec which results in kernel panic. 
Thus clear the\nBM pool registers before initialisation to fix the issue.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-35837" + }, + { + "cve":"CVE-2024-35931", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Skip do PCI error slot reset during RAS recovery\n\nWhy:\n The PCI error slot reset maybe triggered after inject ue to UMC multi times, this\n caused system hang.\n [ 557.371857] amdgpu 0000:af:00.0: amdgpu: GPU reset succeeded, trying to resume\n [ 557.373718] [drm] PCIE GART of 512M enabled.\n [ 557.373722] [drm] PTB located at 0x0000031FED700000\n [ 557.373788] [drm] VRAM is lost due to GPU reset!\n [ 557.373789] [drm] PSP is resuming...\n [ 557.547012] mlx5_core 0000:55:00.0: mlx5_pci_err_detected Device state = 1 pci_status: 0. 
Exit, result = 3, need reset\n [ 557.547067] [drm] PCI error: detected callback, state(1)!!\n [ 557.547069] [drm] No support for XGMI hive yet...\n [ 557.548125] mlx5_core 0000:55:00.0: mlx5_pci_slot_reset Device state = 1 pci_status: 0. Enter\n [ 557.607763] mlx5_core 0000:55:00.0: wait vital counter value 0x16b5b after 1 iterations\n [ 557.607777] mlx5_core 0000:55:00.0: mlx5_pci_slot_reset Device state = 1 pci_status: 1. Exit, err = 0, result = 5, recovered\n [ 557.610492] [drm] PCI error: slot reset callback!!\n ...\n [ 560.689382] amdgpu 0000:3f:00.0: amdgpu: GPU reset(2) succeeded!\n [ 560.689546] amdgpu 0000:5a:00.0: amdgpu: GPU reset(2) succeeded!\n [ 560.689562] general protection fault, probably for non-canonical address 0x5f080b54534f611f: 0000 [#1] SMP NOPTI\n [ 560.701008] CPU: 16 PID: 2361 Comm: kworker/u448:9 Tainted: G OE 5.15.0-91-generic #101-Ubuntu\n [ 560.712057] Hardware name: Microsoft C278A/C278A, BIOS C2789.5.BS.1C11.AG.1 11/08/2023\n [ 560.720959] Workqueue: amdgpu-reset-hive amdgpu_ras_do_recovery [amdgpu]\n [ 560.728887] RIP: 0010:amdgpu_device_gpu_recover.cold+0xbf1/0xcf5 [amdgpu]\n [ 560.736891] Code: ff 41 89 c6 e9 1b ff ff ff 44 0f b6 45 b0 e9 4f ff ff ff be 01 00 00 00 4c 89 e7 e8 76 c9 8b ff 44 0f b6 45 b0 e9 3c fd ff ff <48> 83 ba 18 02 00 00 00 0f 84 6a f8 ff ff 48 8d 7a 78 be 01 00 00\n [ 560.757967] RSP: 0018:ffa0000032e53d80 EFLAGS: 00010202\n [ 560.763848] RAX: ffa00000001dfd10 RBX: ffa0000000197090 RCX: ffa0000032e53db0\n [ 560.771856] RDX: 5f080b54534f5f07 RSI: 0000000000000000 RDI: ff11000128100010\n [ 560.779867] RBP: ffa0000032e53df0 R08: 0000000000000000 R09: ffffffffffe77f08\n [ 560.787879] R10: 0000000000ffff0a R11: 0000000000000001 R12: 0000000000000000\n [ 560.795889] R13: ffa0000032e53e00 R14: 0000000000000000 R15: 0000000000000000\n [ 560.803889] FS: 0000000000000000(0000) GS:ff11007e7e800000(0000) knlGS:0000000000000000\n [ 560.812973] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 560.819422] CR2: 
000055a04c118e68 CR3: 0000000007410005 CR4: 0000000000771ee0\n [ 560.827433] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n [ 560.835433] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n [ 560.843444] PKRU: 55555554\n [ 560.846480] Call Trace:\n [ 560.849225] \n [ 560.851580] ? show_trace_log_lvl+0x1d6/0x2ea\n [ 560.856488] ? show_trace_log_lvl+0x1d6/0x2ea\n [ 560.861379] ? amdgpu_ras_do_recovery+0x1b2/0x210 [amdgpu]\n [ 560.867778] ? show_regs.part.0+0x23/0x29\n [ 560.872293] ? __die_body.cold+0x8/0xd\n [ 560.876502] ? die_addr+0x3e/0x60\n [ 560.880238] ? exc_general_protection+0x1c5/0x410\n [ 560.885532] ? asm_exc_general_protection+0x27/0x30\n [ 560.891025] ? amdgpu_device_gpu_recover.cold+0xbf1/0xcf5 [amdgpu]\n [ 560.898323] amdgpu_ras_do_recovery+0x1b2/0x210 [amdgpu]\n [ 560.904520] process_one_work+0x228/0x3d0\nHow:\n In RAS recovery, mode-1 reset is issued from RAS fatal error handling and expected\n all the nodes in a hive to be reset. no need to issue another mode-1 during this procedure.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + 
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-35931" + }, + { + "cve":"CVE-2024-36923", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/9p: fix uninitialized values during inode evict\n\nIf an iget fails due to not being able to retrieve information\nfrom the server then the inode structure is only partially\ninitialized. When the inode gets evicted, references to\nuninitialized structures (like fscache cookies) were being\nmade.\n\nThis patch checks for a bad_inode before doing anything other\nthan clearing the inode from the cache. Since the inode is\nbad, it shouldn't have any state associated with it that needs\nto be written back (and there really isn't a way to complete\nthose anyways).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.3, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", 
+ "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-36923" + }, + { + "cve":"CVE-2024-37078", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential kernel bug due to lack of writeback flag waiting\n\nDestructive writes to a block device on which nilfs2 is mounted can cause\na kernel bug in the folio/page writeback start routine or writeback end\nroutine (__folio_start_writeback in the log below):\n\n kernel BUG at mm/page-writeback.c:3070!\n Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\n ...\n RIP: 0010:__folio_start_writeback+0xbaa/0x10e0\n Code: 25 ff 0f 00 00 0f 84 18 01 00 00 e8 40 ca c6 ff e9 17 f6 ff ff\n e8 36 ca c6 ff 4c 89 f7 48 c7 c6 80 c0 12 84 e8 e7 b3 0f 00 90 <0f>\n 0b e8 1f ca c6 ff 4c 89 f7 48 c7 c6 a0 c6 12 84 e8 d0 b3 0f 00\n ...\n Call Trace:\n \n nilfs_segctor_do_construct+0x4654/0x69d0 [nilfs2]\n nilfs_segctor_construct+0x181/0x6b0 [nilfs2]\n nilfs_segctor_thread+0x548/0x11c0 [nilfs2]\n kthread+0x2f0/0x390\n ret_from_fork+0x4b/0x80\n ret_from_fork_asm+0x1a/0x30\n \n\nThis is because when the log writer starts a writeback for segment summary\nblocks or a super root block that use the backing device's page cache, it\ndoes not wait for the ongoing folio/page writeback, resulting in an\ninconsistent writeback state.\n\nFix this issue by waiting for ongoing writebacks when putting\nfolios/pages on the backing device into writeback state.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + 
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.9, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-37078" + }, + { + "cve":"CVE-2024-38548", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: cdns-mhdp8546: Fix possible null pointer dereference\n\nIn cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is\nassigned to mhdp_state->current_mode, and there is a dereference of it in\ndrm_mode_set_name(), which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate().\n\nFix this bug add a check of mhdp_state->current_mode.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + 
"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-38548" + }, + { + "cve":"CVE-2024-38567", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: carl9170: add a proper sanity check for endpoints\n\nSyzkaller reports [1] hitting a warning which is caused by presence\nof a wrong endpoint type at the URB sumbitting stage. While there\nwas a check for a specific 4th endpoint, since it can switch types\nbetween bulk and interrupt, other endpoints are trusted implicitly.\nSimilar warning is triggered in a couple of other syzbot issues [2].\n\nFix the issue by doing a comprehensive check of all endpoints\ntaking into account difference between high- and full-speed\nconfiguration.\n\n[1] Syzkaller report:\n...\nWARNING: CPU: 0 PID: 4721 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\n...\nCall Trace:\n \n carl9170_usb_send_rx_irq_urb+0x273/0x340 drivers/net/wireless/ath/carl9170/usb.c:504\n carl9170_usb_init_device drivers/net/wireless/ath/carl9170/usb.c:939 [inline]\n carl9170_usb_firmware_finish drivers/net/wireless/ath/carl9170/usb.c:999 [inline]\n carl9170_usb_firmware_step2+0x175/0x240 drivers/net/wireless/ath/carl9170/usb.c:1028\n request_firmware_work_func+0x130/0x240 drivers/base/firmware_loader/main.c:1107\n process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289\n worker_thread+0x669/0x1090 kernel/workqueue.c:2436\n kthread+0x2e8/0x3a0 
kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308\n \n\n[2] Related syzkaller crashes:", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-38567" + }, + { + "cve":"CVE-2024-38607", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmacintosh/via-macii: Fix \"BUG: sleeping function called from invalid context\"\n\nThe via-macii ADB driver calls request_irq() after disabling hard\ninterrupts. 
But disabling interrupts isn't necessary here because the\nVIA shift register interrupt was masked during VIA1 initialization.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-38607" + }, + { + "cve":"CVE-2024-38611", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: et8ek8: Don't strip remove function when driver is builtin\n\nUsing __exit for the remove function results in the remove callback\nbeing discarded with CONFIG_VIDEO_ET8EK8=y. When such a device gets\nunbound (e.g. using sysfs or hotplug), the driver is just removed\nwithout the cleanup being performed. This results in resource leaks. 
Fix\nit by compiling in the remove callback unconditionally.\n\nThis also fixes a W=1 modpost warning:\n\n\tWARNING: modpost: drivers/media/i2c/et8ek8/et8ek8: section mismatch in reference: et8ek8_i2c_driver+0x10 (section: .data) -> et8ek8_remove (section: .exit.text)", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.4, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-38611" + }, + { + "cve":"CVE-2024-39471", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: add error handle to avoid out-of-bounds\n\nif the sdma_v4_0_irq_id_to_seq return -EINVAL, the process should\nbe stop to avoid out-of-bounds read, so directly return -EINVAL.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", 
+ "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.4, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39471" + }, + { + "cve":"CVE-2024-39475", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:fbdev: savage: Handle err return when savagefb_check_var failedThe commit 04e5eac8f3ab( fbdev: savage: Error out if pixclock equals zero )checks the value of pixclock to avoid divide-by-zero error. Howeverthe function savagefb_probe doesn t handle the error return ofsavagefb_check_var. 
When pixclock is 0, it will cause divide-by-zero error.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39475" + }, + { + "cve":"CVE-2024-39476", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING\n\nXiao reported that lvm2 test lvconvert-raid-takeover.sh can hang with\nsmall possibility, the root cause is exactly the same as commit\nbed9e27baf52 (\"Revert \"md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d\"\")\n\nHowever, Dan reported another hang after that, and junxiao investigated\nthe problem and found out that this is caused by plugged bio can't issue\nfrom raid5d().\n\nCurrent implementation in raid5d() has a weird dependence:\n\n1) md_check_recovery() from raid5d() must hold 
'reconfig_mutex' to clear\n MD_SB_CHANGE_PENDING;\n2) raid5d() handles IO in a deadloop, until all IO are issued;\n3) IO from raid5d() must wait for MD_SB_CHANGE_PENDING to be cleared;\n\nThis behaviour is introduce before v2.6, and for consequence, if other\ncontext hold 'reconfig_mutex', and md_check_recovery() can't update\nsuper_block, then raid5d() will waste one cpu 100% by the deadloop, until\n'reconfig_mutex' is released.\n\nRefer to the implementation from raid1 and raid10, fix this problem by\nskipping issue IO if MD_SB_CHANGE_PENDING is still set after\nmd_check_recovery(), daemon thread will be woken up when 'reconfig_mutex'\nis released. Meanwhile, the hang problem will be fixed as well.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + 
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39476" + }, + { + "cve":"CVE-2024-39484", + "notes":[ + { + 
"text":"In the Linux kernel, the following vulnerability has been resolved:mmc: davinci: Don t strip remove function when driver is builtinUsing __exit for the remove function results in the remove callback beingdiscarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound (e.g.using sysfs or hotplug), the driver is just removed without the cleanupbeing performed. This results in resource leaks. Fix it by compiling in theremove callback unconditionally.This also fixes a W=1 modpost warning:WARNING: modpost: drivers/mmc/host/davinci_mmc: section mismatch inreference: davinci_mmcsd_driver+0x10 (section: .data) ->davinci_mmcsd_remove (section: .exit.text)", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39484" + }, + { + "cve":"CVE-2024-39506", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been 
resolved:\n\nliquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet\n\nIn lio_vf_rep_copy_packet() pg_info->page is compared to a NULL value,\nbut then it is unconditionally passed to skb_add_rx_frag() which looks\nstrange and could lead to null pointer dereference.\n\nlio_vf_rep_copy_packet() call trace looks like:\n\tocteon_droq_process_packets\n\t octeon_droq_fast_process_packets\n\t octeon_droq_dispatch_pkt\n\t octeon_create_recv_info\n\t ...search in the dispatch_list...\n\t ->disp_fn(rdisp->rinfo, ...)\n\t lio_vf_rep_pkt_recv(struct octeon_recv_info *recv_info, ...)\nIn this path there is no code which sets pg_info->page to NULL.\nSo this check looks unneeded and doesn't solve potential problem.\nBut I guess the author had reason to add a check and I have no such card\nand can't do real test.\nIn addition, the code in the function liquidio_push_packet() in\nliquidio/lio_core.c does exactly the same.\n\nBased on this, I consider the most acceptable compromise solution to\nadjust this issue by moving skb_add_rx_frag() into conditional scope.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + 
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39506" + }, + { + "cve":"CVE-2024-39508", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/io-wq: Use set_bit() and test_bit() at worker->flags\n\nUtilize set_bit() and test_bit() on worker->flags within io_uring/io-wq\nto address potential data races.\n\nThe structure io_worker->flags may be accessed through various data\npaths, leading to concurrency issues. When KCSAN is enabled, it reveals\ndata races occurring in io_worker_handle_work and\nio_wq_activate_free_worker functions.\n\n\t BUG: KCSAN: data-race in io_worker_handle_work / io_wq_activate_free_worker\n\t write to 0xffff8885c4246404 of 4 bytes by task 49071 on cpu 28:\n\t io_worker_handle_work (io_uring/io-wq.c:434 io_uring/io-wq.c:569)\n\t io_wq_worker (io_uring/io-wq.c:?)\n\n\n\t read to 0xffff8885c4246404 of 4 bytes by task 49024 on cpu 5:\n\t io_wq_activate_free_worker (io_uring/io-wq.c:? io_uring/io-wq.c:285)\n\t io_wq_enqueue (io_uring/io-wq.c:947)\n\t io_queue_iowq (io_uring/io_uring.c:524)\n\t io_req_task_submit (io_uring/io_uring.c:1511)\n\t io_handle_tw_list (io_uring/io_uring.c:1198)\n\n\nLine numbers against commit 18daea77cca6 (\"Merge tag 'for-linus' of\ngit://git.kernel.org/pub/scm/virt/kvm/kvm\").\n\nThese races involve writes and reads to the same memory location by\ndifferent tasks running on different CPUs. To mitigate this, refactor\nthe code to use atomic operations such as set_bit(), test_bit(), and\nclear_bit() instead of basic \"and\" and \"or\" operations. 
This ensures\nthread-safe manipulation of worker flags.\n\nAlso, move `create_index` to avoid holes in the structure.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.3, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39508" + }, + { + "cve":"CVE-2024-40915", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: rewrite __kernel_map_pages() to fix sleeping in invalid context\n\n__kernel_map_pages() is a debug function which clears the valid bit in page\ntable entry for deallocated pages to detect illegal memory accesses to\nfreed pages.\n\nThis function set/clear the valid bit using __set_memory(). __set_memory()\nacquires init_mm's semaphore, and this operation may sleep. This is\nproblematic, because __kernel_map_pages() can be called in atomic context,\nand thus is illegal to sleep. 
An example warning that this causes:\n\nBUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1578\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2, name: kthreadd\npreempt_count: 2, expected: 0\nCPU: 0 PID: 2 Comm: kthreadd Not tainted 6.9.0-g1d4c6d784ef6 #37\nHardware name: riscv-virtio,qemu (DT)\nCall Trace:\n[] dump_backtrace+0x1c/0x24\n[] show_stack+0x2c/0x38\n[] dump_stack_lvl+0x5a/0x72\n[] dump_stack+0x14/0x1c\n[] __might_resched+0x104/0x10e\n[] __might_sleep+0x3e/0x62\n[] down_write+0x20/0x72\n[] __set_memory+0x82/0x2fa\n[] __kernel_map_pages+0x5a/0xd4\n[] __alloc_pages_bulk+0x3b2/0x43a\n[] __vmalloc_node_range+0x196/0x6ba\n[] copy_process+0x72c/0x17ec\n[] kernel_clone+0x60/0x2fe\n[] kernel_thread+0x82/0xa0\n[] kthreadd+0x14a/0x1be\n[] ret_from_fork+0xe/0x1c\n\nRewrite this function with apply_to_existing_page_range(). It is fine to\nnot have any locking, because __kernel_map_pages() works with pages being\nallocated/deallocated and those pages are not changed by anyone else in the\nmeantime.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + 
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40915" + }, + { + "cve":"CVE-2024-40945", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\niommu: Return right value in iommu_sva_bind_device()\n\niommu_sva_bind_device() should return either a sva bond handle or an\nERR_PTR value in error cases. Existing drivers (idxd and uacce) only\ncheck the return value with IS_ERR(). This could potentially lead to\na kernel NULL pointer dereference issue if the function returns NULL\ninstead of an error pointer.\n\nIn reality, this doesn't cause any problems because iommu_sva_bind_device()\nonly returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA.\nIn this case, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) will\nreturn an error, and the device drivers won't call iommu_sva_bind_device()\nat all.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.4, + 
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40945" + }, + { + "cve":"CVE-2024-40947", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nima: Avoid blocking in RCU read-side critical section\n\nA panic happens in ima_match_policy:\n\nBUG: unable to handle kernel NULL pointer dereference at 0000000000000010\nPGD 42f873067 P4D 0\nOops: 0000 [#1] SMP NOPTI\nCPU: 5 PID: 1286325 Comm: kubeletmonit.sh\nKdump: loaded Tainted: P\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\n BIOS 0.0.0 02/06/2015\nRIP: 0010:ima_match_policy+0x84/0x450\nCode: 49 89 fc 41 89 cf 31 ed 89 44 24 14 eb 1c 44 39\n 7b 18 74 26 41 83 ff 05 74 20 48 8b 1b 48 3b 1d\n f2 b9 f4 00 0f 84 9c 01 00 00 <44> 85 73 10 74 ea\n 44 8b 6b 14 41 f6 c5 01 75 d4 41 f6 c5 02 74 0f\nRSP: 0018:ff71570009e07a80 EFLAGS: 00010207\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000200\nRDX: ffffffffad8dc7c0 RSI: 0000000024924925 RDI: ff3e27850dea2000\nRBP: 0000000000000000 R08: 0000000000000000 R09: ffffffffabfce739\nR10: ff3e27810cc42400 R11: 0000000000000000 R12: ff3e2781825ef970\nR13: 00000000ff3e2785 R14: 000000000000000c R15: 0000000000000001\nFS: 00007f5195b51740(0000)\nGS:ff3e278b12d40000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000010 CR3: 0000000626d24002 CR4: 0000000000361ee0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n ima_get_action+0x22/0x30\n process_measurement+0xb0/0x830\n ? 
page_add_file_rmap+0x15/0x170\n ? alloc_set_pte+0x269/0x4c0\n ? prep_new_page+0x81/0x140\n ? simple_xattr_get+0x75/0xa0\n ? selinux_file_open+0x9d/0xf0\n ima_file_check+0x64/0x90\n path_openat+0x571/0x1720\n do_filp_open+0x9b/0x110\n ? page_counter_try_charge+0x57/0xc0\n ? files_cgroup_alloc_fd+0x38/0x60\n ? __alloc_fd+0xd4/0x250\n ? do_sys_open+0x1bd/0x250\n do_sys_open+0x1bd/0x250\n do_syscall_64+0x5d/0x1d0\n entry_SYSCALL_64_after_hwframe+0x65/0xca\n\nCommit c7423dbdbc9e (\"ima: Handle -ESTALE returned by\nima_filter_rule_match()\") introduced call to ima_lsm_copy_rule within a\nRCU read-side critical section which contains kmalloc with GFP_KERNEL.\nThis implies a possible sleep and violates limitations of RCU read-side\ncritical sections on non-PREEMPT systems.\n\nSleeping within RCU read-side critical section might cause\nsynchronize_rcu() returning early and break RCU protection, allowing a\nUAF to happen.\n\nThe root cause of this issue could be described as follows:\n|\tThread A\t|\tThread B\t|\n|\t\t\t|ima_match_policy\t|\n|\t\t\t| rcu_read_lock\t|\n|ima_lsm_update_rule\t|\t\t\t|\n| synchronize_rcu\t|\t\t\t|\n|\t\t\t| kmalloc(GFP_KERNEL)|\n|\t\t\t| sleep\t\t|\n==> synchronize_rcu returns early\n| kfree(entry)\t\t|\t\t\t|\n|\t\t\t| entry = entry->next|\n==> UAF happens and entry now becomes NULL (or could be anything).\n|\t\t\t| entry->action\t|\n==> Accessing entry might cause panic.\n\nTo fix this issue, we are converting all kmalloc that is called within\nRCU read-side critical section to use GFP_ATOMIC.\n\n[PM: fixed missing comment, long lines, !CONFIG_IMA_LSM_RULES case]", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + 
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.9, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-40947" + }, + { + "cve":"CVE-2024-40956", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list\n\nUse list_for_each_entry_safe() to allow iterating through the list and\ndeleting the entry in the iteration process. 
The descriptor is freed via\nidxd_desc_complete() and there's a slight chance may cause issue for\nthe list iterator when the descriptor is reused by another thread\nwithout it being deleted from the list.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40956" + }, + { + "cve":"CVE-2024-40960", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent possible NULL dereference in rt6_probe()\n\nsyzbot caught a NULL dereference in rt6_probe() [1]\n\nBail out if __in6_dev_get() returns NULL.\n\n[1]\nOops: general protection fault, probably for non-canonical address 0xdffffc00000000cb: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000658-0x000000000000065f]\nCPU: 1 PID: 22444 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00383-gb8481381d4e2 #0\nHardware name: Google Google Compute 
Engine/Google Compute Engine, BIOS Google 04/02/2024\n RIP: 0010:rt6_probe net/ipv6/route.c:656 [inline]\n RIP: 0010:find_match+0x8c4/0xf50 net/ipv6/route.c:758\nCode: 14 fd f7 48 8b 85 38 ff ff ff 48 c7 45 b0 00 00 00 00 48 8d b8 5c 06 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 19\nRSP: 0018:ffffc900034af070 EFLAGS: 00010203\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90004521000\nRDX: 00000000000000cb RSI: ffffffff8990d0cd RDI: 000000000000065c\nRBP: ffffc900034af150 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000002 R12: 000000000000000a\nR13: 1ffff92000695e18 R14: ffff8880244a1d20 R15: 0000000000000000\nFS: 00007f4844a5a6c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b31b27000 CR3: 000000002d42c000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n rt6_nh_find_match+0xfa/0x1a0 net/ipv6/route.c:784\n nexthop_for_each_fib6_nh+0x26d/0x4a0 net/ipv4/nexthop.c:1496\n __find_rr_leaf+0x6e7/0xe00 net/ipv6/route.c:825\n find_rr_leaf net/ipv6/route.c:853 [inline]\n rt6_select net/ipv6/route.c:897 [inline]\n fib6_table_lookup+0x57e/0xa30 net/ipv6/route.c:2195\n ip6_pol_route+0x1cd/0x1150 net/ipv6/route.c:2231\n pol_lookup_func include/net/ip6_fib.h:616 [inline]\n fib6_rule_lookup+0x386/0x720 net/ipv6/fib6_rules.c:121\n ip6_route_output_flags_noref net/ipv6/route.c:2639 [inline]\n ip6_route_output_flags+0x1d0/0x640 net/ipv6/route.c:2651\n ip6_dst_lookup_tail.constprop.0+0x961/0x1760 net/ipv6/ip6_output.c:1147\n ip6_dst_lookup_flow+0x99/0x1d0 net/ipv6/ip6_output.c:1250\n rawv6_sendmsg+0xdab/0x4340 net/ipv6/raw.c:898\n inet_sendmsg+0x119/0x140 net/ipv4/af_inet.c:853\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n 
sock_write_iter+0x4b8/0x5c0 net/socket.c:1160\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0x6b6/0x1140 fs/read_write.c:590\n ksys_write+0x1f8/0x260 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40960" + }, + { + "cve":"CVE-2024-40963", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmips: bmips: BCM6358: make sure CBR is correctly set\n\nIt was discovered that some device have CBR address set to 0 causing\nkernel panic when arch_sync_dma_for_cpu_all is called.\n\nThis was notice in situation where the system is booted from TP1 and\nBMIPS_GET_CBR() returns 0 instead of a valid address 
and\n!!(read_c0_brcm_cmt_local() & (1 << 31)); not failing.\n\nThe current check whether RAC flush should be disabled or not are not\nenough hence lets check if CBR is a valid address or not.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.9, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-40963" + }, + { + "cve":"CVE-2024-40967", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nserial: imx: Introduce timeout when waiting on transmitter empty\n\nBy waiting at most 1 second for USR2_TXDC to be set, we avoid a potential\ndeadlock.\n\nIn case of the timeout, there is not much we can do, so we simply ignore\nthe transmitter state and optimistically try to continue.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", 
+ "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.9, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-40967" + }, + { + "cve":"CVE-2024-40972", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: do not create EA inode under buffer lock\n\next4_xattr_set_entry() creates new EA inodes while holding buffer lock\non the external xattr block. This is problematic as it nests all the\nallocation locking (which acquires locks on other buffers) under the\nbuffer lock. This can even deadlock when the filesystem is corrupted and\ne.g. quota file is setup to contain xattr block as data block. 
Move the\nallocation of EA inode out of ext4_xattr_set_entry() into the callers.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.7, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40972" + }, + { + "cve":"CVE-2024-40980", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: replace spin_lock by raw_spin_lock\n\ntrace_drop_common() is called with preemption disabled, and it acquires\na spin_lock. 
This is problematic for RT kernels because spin_locks are\nsleeping locks in this configuration, which causes the following splat:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47\npreempt_count: 1, expected: 0\nRCU nest depth: 2, expected: 2\n5 locks held by rcuc/47/449:\n #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210\n #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130\n #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210\n #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70\n #4: ff1100086ee07520 (&data->lock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290\nirq event stamp: 139909\nhardirqs last enabled at (139908): [] _raw_spin_unlock_irqrestore+0x63/0x80\nhardirqs last disabled at (139909): [] trace_drop_common.constprop.0+0x26d/0x290\nsoftirqs last enabled at (139892): [] __local_bh_enable_ip+0x103/0x170\nsoftirqs last disabled at (139898): [] rcu_cpu_kthread+0x93/0x1f0\nPreemption disabled at:\n[] rt_mutex_slowunlock+0xab/0x2e0\nCPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7\nHardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022\nCall Trace:\n \n dump_stack_lvl+0x8c/0xd0\n dump_stack+0x14/0x20\n __might_resched+0x21e/0x2f0\n rt_spin_lock+0x5e/0x130\n ? trace_drop_common.constprop.0+0xb5/0x290\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_drop_common.constprop.0+0xb5/0x290\n ? preempt_count_sub+0x1c/0xd0\n ? _raw_spin_unlock_irqrestore+0x4a/0x80\n ? __pfx_trace_drop_common.constprop.0+0x10/0x10\n ? rt_mutex_slowunlock+0x26a/0x2e0\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_rt_mutex_slowunlock+0x10/0x10\n ? 
skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_kfree_skb_hit+0x15/0x20\n trace_kfree_skb+0xe9/0x150\n kfree_skb_reason+0x7b/0x110\n skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10\n ? mark_lock.part.0+0x8a/0x520\n...\n\ntrace_drop_common() also disables interrupts, but this is a minor issue\nbecause we could easily replace it with a local_lock.\n\nReplace the spin_lock with raw_spin_lock to avoid sleeping in atomic\ncontext.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + 
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.7, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40980" + }, + { + "cve":"CVE-2024-40981", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: bypass empty buckets in batadv_purge_orig_ref()\n\nMany syzbot reports are pointing to soft lockups in\nbatadv_purge_orig_ref() [1]\n\nRoot 
cause is unknown, but we can avoid spending too much\ntime there and perhaps get more interesting reports.\n\n[1]\n\nwatchdog: BUG: soft lockup - CPU#0 stuck for 27s! [kworker/u4:6:621]\nModules linked in:\nirq event stamp: 6182794\n hardirqs last enabled at (6182793): [] __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386\n hardirqs last disabled at (6182794): [] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\n hardirqs last disabled at (6182794): [] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\n softirqs last enabled at (6182792): [] spin_unlock_bh include/linux/spinlock.h:396 [inline]\n softirqs last enabled at (6182792): [] batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287\n softirqs last disabled at (6182790): [] spin_lock_bh include/linux/spinlock.h:356 [inline]\n softirqs last disabled at (6182790): [] batadv_purge_orig_ref+0x164/0x1228 net/batman-adv/originator.c:1271\nCPU: 0 PID: 621 Comm: kworker/u4:6 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\nWorkqueue: bat_events batadv_purge_orig\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : should_resched arch/arm64/include/asm/preempt.h:79 [inline]\n pc : __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:388\n lr : __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386\nsp : ffff800099007970\nx29: ffff800099007980 x28: 1fffe00018fce1bd x27: dfff800000000000\nx26: ffff0000d2620008 x25: ffff0000c7e70de8 x24: 0000000000000001\nx23: 1fffe00018e57781 x22: dfff800000000000 x21: ffff80008aab71c4\nx20: ffff0001b40136c0 x19: ffff0000c72bbc08 x18: 1fffe0001a817bb0\nx17: ffff800125414000 x16: ffff80008032116c x15: 0000000000000001\nx14: 1fffe0001ee9d610 x13: 0000000000000000 x12: 0000000000000003\nx11: 0000000000000000 x10: 0000000000ff0100 x9 : 0000000000000000\nx8 : 00000000005e5789 x7 : ffff80008aab61dc x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 
0000000000000001 x3 : 0000000000000000\nx2 : 0000000000000006 x1 : 0000000000000080 x0 : ffff800125414000\nCall trace:\n __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:27 [inline]\n arch_local_irq_enable arch/arm64/include/asm/irqflags.h:49 [inline]\n __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:386\n __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]\n _raw_spin_unlock_bh+0x3c/0x4c kernel/locking/spinlock.c:210\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287\n batadv_purge_orig+0x20/0x70 net/batman-adv/originator.c:1300\n process_one_work+0x694/0x1204 kernel/workqueue.c:2633\n process_scheduled_works kernel/workqueue.c:2706 [inline]\n worker_thread+0x938/0xef4 kernel/workqueue.c:2787\n kthread+0x288/0x310 kernel/kthread.c:388\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860\nSending NMI from CPU 0 to CPUs 1:\nNMI backtrace for cpu 1\nCPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:51\n lr : default_idle_call+0xf8/0x128 kernel/sched/idle.c:103\nsp : ffff800093a17d30\nx29: ffff800093a17d30 x28: dfff800000000000 x27: 1ffff00012742fb4\nx26: ffff80008ec9d000 x25: 0000000000000000 x24: 0000000000000002\nx23: 1ffff00011d93a74 x22: ffff80008ec9d3a0 x21: 0000000000000000\nx20: ffff0000c19dbc00 x19: ffff8000802d0fd8 x18: 1fffe00036804396\nx17: ffff80008ec9d000 x16: ffff8000802d089c x15: 0000000000000001\n---truncated---", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" 
+ ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40981" + }, + { + "cve":"CVE-2024-40982", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nssb: Fix potential NULL pointer dereference in ssb_device_uevent()\n\nThe ssb_device_uevent() function first attempts to convert the 'dev' pointer\nto 'struct ssb_device *'. 
However, it mistakenly dereferences 'dev' before\nperforming the NULL check, potentially leading to a NULL pointer\ndereference if 'dev' is NULL.\n\nTo fix this issue, move the NULL check before dereferencing the 'dev' pointer,\nensuring that the pointer is valid before attempting to use it.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.4, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40982" + }, + { + "cve":"CVE-2024-40995", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()\n\nsyzbot found hanging tasks waiting on rtnl_lock [1]\n\nA reproducer is available in the syzbot bug.\n\nWhen a request to add multiple actions with the same index is 
sent, the\nsecond request will block forever on the first request. This holds\nrtnl_lock, and causes tasks to hang.\n\nReturn -EAGAIN to prevent infinite looping, while keeping documented\nbehavior.\n\n[1]\n\nINFO: task kworker/1:0:5088 blocked for more than 143 seconds.\nNot tainted 6.9.0-rc4-syzkaller-00173-g3cdb45594619 #0\n\"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:kworker/1:0 state:D stack:23744 pid:5088 tgid:5088 ppid:2 flags:0x00004000\nWorkqueue: events_power_efficient reg_check_chans_work\nCall Trace:\n\ncontext_switch kernel/sched/core.c:5409 [inline]\n__schedule+0xf15/0x5d00 kernel/sched/core.c:6746\n__schedule_loop kernel/sched/core.c:6823 [inline]\nschedule+0xe7/0x350 kernel/sched/core.c:6838\nschedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6895\n__mutex_lock_common kernel/locking/mutex.c:684 [inline]\n__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752\nwiphy_lock include/net/cfg80211.h:5953 [inline]\nreg_leave_invalid_chans net/wireless/reg.c:2466 [inline]\nreg_check_chans_work+0x10a/0x10e0 net/wireless/reg.c:2481", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + 
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + 
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40995" + }, + { + "cve":"CVE-2024-41011", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: don't allow mapping the MMIO HDP page with large pages\n\nWe don't get the right offset in that case. The GPU has\nan unused 4K area of the register BAR space into which you can\nremap registers. We remap the HDP flush registers into this\nspace to allow userspace (CPU or GPU) to flush the HDP when it\nupdates VRAM. However, on systems with >4K pages, we end up\nexposing PAGE_SIZE of MMIO space.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.8, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + 
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.aarch64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.src", + "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-221.0.0.124.oe2203sp3.x86_64", + "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-221.0.0.124.oe2203sp3.x86_64", 
+ "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-221.0.0.124.oe2203sp3.x86_64" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2024-41011" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1943.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1943.json new file mode 100644 index 0000000..b4d40e3 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1943.json 
@@ -0,0 +1,2938 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"kernel security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for kernel is now available for openEuler-24.03-LTS.", + "category":"general", + "title":"Summary" + }, + { + "text":"The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Skip do PCI error slot reset during RAS recovery\n\nWhy:\n The PCI error slot reset maybe triggered after inject ue to UMC multi times, this\n caused system hang.\n [ 557.371857] amdgpu 0000:af:00.0: amdgpu: GPU reset succeeded, trying to resume\n [ 557.373718] [drm] PCIE GART of 512M enabled.\n [ 557.373722] [drm] PTB located at 0x0000031FED700000\n [ 557.373788] [drm] VRAM is lost due to GPU reset!\n [ 557.373789] [drm] PSP is resuming...\n [ 557.547012] mlx5_core 0000:55:00.0: mlx5_pci_err_detected Device state = 1 pci_status: 0. Exit, result = 3, need reset\n [ 557.547067] [drm] PCI error: detected callback, state(1)!!\n [ 557.547069] [drm] No support for XGMI hive yet...\n [ 557.548125] mlx5_core 0000:55:00.0: mlx5_pci_slot_reset Device state = 1 pci_status: 0. Enter\n [ 557.607763] mlx5_core 0000:55:00.0: wait vital counter value 0x16b5b after 1 iterations\n [ 557.607777] mlx5_core 0000:55:00.0: mlx5_pci_slot_reset Device state = 1 pci_status: 1. 
Exit, err = 0, result = 5, recovered\n [ 557.610492] [drm] PCI error: slot reset callback!!\n ...\n [ 560.689382] amdgpu 0000:3f:00.0: amdgpu: GPU reset(2) succeeded!\n [ 560.689546] amdgpu 0000:5a:00.0: amdgpu: GPU reset(2) succeeded!\n [ 560.689562] general protection fault, probably for non-canonical address 0x5f080b54534f611f: 0000 [#1] SMP NOPTI\n [ 560.701008] CPU: 16 PID: 2361 Comm: kworker/u448:9 Tainted: G OE 5.15.0-91-generic #101-Ubuntu\n [ 560.712057] Hardware name: Microsoft C278A/C278A, BIOS C2789.5.BS.1C11.AG.1 11/08/2023\n [ 560.720959] Workqueue: amdgpu-reset-hive amdgpu_ras_do_recovery [amdgpu]\n [ 560.728887] RIP: 0010:amdgpu_device_gpu_recover.cold+0xbf1/0xcf5 [amdgpu]\n [ 560.736891] Code: ff 41 89 c6 e9 1b ff ff ff 44 0f b6 45 b0 e9 4f ff ff ff be 01 00 00 00 4c 89 e7 e8 76 c9 8b ff 44 0f b6 45 b0 e9 3c fd ff ff <48> 83 ba 18 02 00 00 00 0f 84 6a f8 ff ff 48 8d 7a 78 be 01 00 00\n [ 560.757967] RSP: 0018:ffa0000032e53d80 EFLAGS: 00010202\n [ 560.763848] RAX: ffa00000001dfd10 RBX: ffa0000000197090 RCX: ffa0000032e53db0\n [ 560.771856] RDX: 5f080b54534f5f07 RSI: 0000000000000000 RDI: ff11000128100010\n [ 560.779867] RBP: ffa0000032e53df0 R08: 0000000000000000 R09: ffffffffffe77f08\n [ 560.787879] R10: 0000000000ffff0a R11: 0000000000000001 R12: 0000000000000000\n [ 560.795889] R13: ffa0000032e53e00 R14: 0000000000000000 R15: 0000000000000000\n [ 560.803889] FS: 0000000000000000(0000) GS:ff11007e7e800000(0000) knlGS:0000000000000000\n [ 560.812973] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 560.819422] CR2: 000055a04c118e68 CR3: 0000000007410005 CR4: 0000000000771ee0\n [ 560.827433] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n [ 560.835433] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n [ 560.843444] PKRU: 55555554\n [ 560.846480] Call Trace:\n [ 560.849225] \n [ 560.851580] ? show_trace_log_lvl+0x1d6/0x2ea\n [ 560.856488] ? show_trace_log_lvl+0x1d6/0x2ea\n [ 560.861379] ? 
amdgpu_ras_do_recovery+0x1b2/0x210 [amdgpu]\n [ 560.867778] ? show_regs.part.0+0x23/0x29\n [ 560.872293] ? __die_body.cold+0x8/0xd\n [ 560.876502] ? die_addr+0x3e/0x60\n [ 560.880238] ? exc_general_protection+0x1c5/0x410\n [ 560.885532] ? asm_exc_general_protection+0x27/0x30\n [ 560.891025] ? amdgpu_device_gpu_recover.cold+0xbf1/0xcf5 [amdgpu]\n [ 560.898323] amdgpu_ras_do_recovery+0x1b2/0x210 [amdgpu]\n [ 560.904520] process_one_work+0x228/0x3d0\nHow:\n In RAS recovery, mode-1 reset is issued from RAS fatal error handling and expected\n all the nodes in a hive to be reset. no need to issue another mode-1 during this procedure.(CVE-2024-35931)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nfs/9p: fix uninitialized values during inode evict\n\nIf an iget fails due to not being able to retrieve information\nfrom the server then the inode structure is only partially\ninitialized. When the inode gets evicted, references to\nuninitialized structures (like fscache cookies) were being\nmade.\n\nThis patch checks for a bad_inode before doing anything other\nthan clearing the inode from the cache. 
Since the inode is\nbad, it shouldn't have any state associated with it that needs\nto be written back (and there really isn't a way to complete\nthose anyways).(CVE-2024-36923)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: cdns-mhdp8546: Fix possible null pointer dereference\n\nIn cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is\nassigned to mhdp_state->current_mode, and there is a dereference of it in\ndrm_mode_set_name(), which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate().\n\nFix this bug add a check of mhdp_state->current_mode.(CVE-2024-38548)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nwifi: carl9170: add a proper sanity check for endpoints\n\nSyzkaller reports [1] hitting a warning which is caused by presence\nof a wrong endpoint type at the URB sumbitting stage. While there\nwas a check for a specific 4th endpoint, since it can switch types\nbetween bulk and interrupt, other endpoints are trusted implicitly.\nSimilar warning is triggered in a couple of other syzbot issues [2].\n\nFix the issue by doing a comprehensive check of all endpoints\ntaking into account difference between high- and full-speed\nconfiguration.\n\n[1] Syzkaller report:\n...\nWARNING: CPU: 0 PID: 4721 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\n...\nCall Trace:\n \n carl9170_usb_send_rx_irq_urb+0x273/0x340 drivers/net/wireless/ath/carl9170/usb.c:504\n carl9170_usb_init_device drivers/net/wireless/ath/carl9170/usb.c:939 [inline]\n carl9170_usb_firmware_finish drivers/net/wireless/ath/carl9170/usb.c:999 [inline]\n carl9170_usb_firmware_step2+0x175/0x240 drivers/net/wireless/ath/carl9170/usb.c:1028\n request_firmware_work_func+0x130/0x240 drivers/base/firmware_loader/main.c:1107\n process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289\n worker_thread+0x669/0x1090 kernel/workqueue.c:2436\n kthread+0x2e8/0x3a0 
kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308\n \n\n[2] Related syzkaller crashes:(CVE-2024-38567)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmmc: davinci: Don't strip remove function when driver is builtin\n\nUsing __exit for the remove function results in the remove callback being\ndiscarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound (e.g.\nusing sysfs or hotplug), the driver is just removed without the cleanup\nbeing performed. This results in resource leaks. Fix it by compiling in the\nremove callback unconditionally.\n\nThis also fixes a W=1 modpost warning:\n\nWARNING: modpost: drivers/mmc/host/davinci_mmc: section mismatch in\nreference: davinci_mmcsd_driver+0x10 (section: .data) ->\ndavinci_mmcsd_remove (section: .exit.text)(CVE-2024-39484)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nliquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet\n\nIn lio_vf_rep_copy_packet() pg_info->page is compared to a NULL value,\nbut then it is unconditionally passed to skb_add_rx_frag() which looks\nstrange and could lead to null pointer dereference.\n\nlio_vf_rep_copy_packet() call trace looks like:\n\tocteon_droq_process_packets\n\t octeon_droq_fast_process_packets\n\t octeon_droq_dispatch_pkt\n\t octeon_create_recv_info\n\t ...search in the dispatch_list...\n\t ->disp_fn(rdisp->rinfo, ...)\n\t lio_vf_rep_pkt_recv(struct octeon_recv_info *recv_info, ...)\nIn this path there is no code which sets pg_info->page to NULL.\nSo this check looks unneeded and doesn't solve potential problem.\nBut I guess the author had reason to add a check and I have no such card\nand can't do real test.\nIn addition, the code in the function liquidio_push_packet() in\nliquidio/lio_core.c does exactly the same.\n\nBased on this, I consider the most acceptable compromise solution to\nadjust this issue by moving skb_add_rx_frag() into conditional scope.\n\nFound by Linux 
Verification Center (linuxtesting.org) with SVACE.(CVE-2024-39506)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/io-wq: Use set_bit() and test_bit() at worker->flags\n\nUtilize set_bit() and test_bit() on worker->flags within io_uring/io-wq\nto address potential data races.\n\nThe structure io_worker->flags may be accessed through various data\npaths, leading to concurrency issues. When KCSAN is enabled, it reveals\ndata races occurring in io_worker_handle_work and\nio_wq_activate_free_worker functions.\n\n\t BUG: KCSAN: data-race in io_worker_handle_work / io_wq_activate_free_worker\n\t write to 0xffff8885c4246404 of 4 bytes by task 49071 on cpu 28:\n\t io_worker_handle_work (io_uring/io-wq.c:434 io_uring/io-wq.c:569)\n\t io_wq_worker (io_uring/io-wq.c:?)\n\n\n\t read to 0xffff8885c4246404 of 4 bytes by task 49024 on cpu 5:\n\t io_wq_activate_free_worker (io_uring/io-wq.c:? io_uring/io-wq.c:285)\n\t io_wq_enqueue (io_uring/io-wq.c:947)\n\t io_queue_iowq (io_uring/io_uring.c:524)\n\t io_req_task_submit (io_uring/io_uring.c:1511)\n\t io_handle_tw_list (io_uring/io_uring.c:1198)\n\n\nLine numbers against commit 18daea77cca6 (\"Merge tag 'for-linus' of\ngit://git.kernel.org/pub/scm/virt/kvm/kvm\").\n\nThese races involve writes and reads to the same memory location by\ndifferent tasks running on different CPUs. To mitigate this, refactor\nthe code to use atomic operations such as set_bit(), test_bit(), and\nclear_bit() instead of basic \"and\" and \"or\" operations. 
This ensures\nthread-safe manipulation of worker flags.\n\nAlso, move `create_index` to avoid holes in the structure.(CVE-2024-39508)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nriscv: rewrite __kernel_map_pages() to fix sleeping in invalid context\n\n__kernel_map_pages() is a debug function which clears the valid bit in page\ntable entry for deallocated pages to detect illegal memory accesses to\nfreed pages.\n\nThis function set/clear the valid bit using __set_memory(). __set_memory()\nacquires init_mm's semaphore, and this operation may sleep. This is\nproblematic, because __kernel_map_pages() can be called in atomic context,\nand thus is illegal to sleep. An example warning that this causes:\n\nBUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1578\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2, name: kthreadd\npreempt_count: 2, expected: 0\nCPU: 0 PID: 2 Comm: kthreadd Not tainted 6.9.0-g1d4c6d784ef6 #37\nHardware name: riscv-virtio,qemu (DT)\nCall Trace:\n[] dump_backtrace+0x1c/0x24\n[] show_stack+0x2c/0x38\n[] dump_stack_lvl+0x5a/0x72\n[] dump_stack+0x14/0x1c\n[] __might_resched+0x104/0x10e\n[] __might_sleep+0x3e/0x62\n[] down_write+0x20/0x72\n[] __set_memory+0x82/0x2fa\n[] __kernel_map_pages+0x5a/0xd4\n[] __alloc_pages_bulk+0x3b2/0x43a\n[] __vmalloc_node_range+0x196/0x6ba\n[] copy_process+0x72c/0x17ec\n[] kernel_clone+0x60/0x2fe\n[] kernel_thread+0x82/0xa0\n[] kthreadd+0x14a/0x1be\n[] ret_from_fork+0xe/0x1c\n\nRewrite this function with apply_to_existing_page_range(). 
It is fine to\nnot have any locking, because __kernel_map_pages() works with pages being\nallocated/deallocated and those pages are not changed by anyone else in the\nmeantime.(CVE-2024-40915)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent possible NULL dereference in rt6_probe()\n\nsyzbot caught a NULL dereference in rt6_probe() [1]\n\nBail out if __in6_dev_get() returns NULL.\n\n[1]\nOops: general protection fault, probably for non-canonical address 0xdffffc00000000cb: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000658-0x000000000000065f]\nCPU: 1 PID: 22444 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00383-gb8481381d4e2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\n RIP: 0010:rt6_probe net/ipv6/route.c:656 [inline]\n RIP: 0010:find_match+0x8c4/0xf50 net/ipv6/route.c:758\nCode: 14 fd f7 48 8b 85 38 ff ff ff 48 c7 45 b0 00 00 00 00 48 8d b8 5c 06 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 19\nRSP: 0018:ffffc900034af070 EFLAGS: 00010203\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90004521000\nRDX: 00000000000000cb RSI: ffffffff8990d0cd RDI: 000000000000065c\nRBP: ffffc900034af150 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000002 R12: 000000000000000a\nR13: 1ffff92000695e18 R14: ffff8880244a1d20 R15: 0000000000000000\nFS: 00007f4844a5a6c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b31b27000 CR3: 000000002d42c000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n rt6_nh_find_match+0xfa/0x1a0 net/ipv6/route.c:784\n nexthop_for_each_fib6_nh+0x26d/0x4a0 net/ipv4/nexthop.c:1496\n __find_rr_leaf+0x6e7/0xe00 
net/ipv6/route.c:825\n find_rr_leaf net/ipv6/route.c:853 [inline]\n rt6_select net/ipv6/route.c:897 [inline]\n fib6_table_lookup+0x57e/0xa30 net/ipv6/route.c:2195\n ip6_pol_route+0x1cd/0x1150 net/ipv6/route.c:2231\n pol_lookup_func include/net/ip6_fib.h:616 [inline]\n fib6_rule_lookup+0x386/0x720 net/ipv6/fib6_rules.c:121\n ip6_route_output_flags_noref net/ipv6/route.c:2639 [inline]\n ip6_route_output_flags+0x1d0/0x640 net/ipv6/route.c:2651\n ip6_dst_lookup_tail.constprop.0+0x961/0x1760 net/ipv6/ip6_output.c:1147\n ip6_dst_lookup_flow+0x99/0x1d0 net/ipv6/ip6_output.c:1250\n rawv6_sendmsg+0xdab/0x4340 net/ipv6/raw.c:898\n inet_sendmsg+0x119/0x140 net/ipv4/af_inet.c:853\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_write_iter+0x4b8/0x5c0 net/socket.c:1160\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0x6b6/0x1140 fs/read_write.c:590\n ksys_write+0x1f8/0x260 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f(CVE-2024-40960)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmips: bmips: BCM6358: make sure CBR is correctly set\n\nIt was discovered that some device have CBR address set to 0 causing\nkernel panic when arch_sync_dma_for_cpu_all is called.\n\nThis was notice in situation where the system is booted from TP1 and\nBMIPS_GET_CBR() returns 0 instead of a valid address and\n!!(read_c0_brcm_cmt_local() & (1 << 31)); not failing.\n\nThe current check whether RAC flush should be disabled or not are not\nenough hence lets check if CBR is a valid address or not.(CVE-2024-40963)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\next4: do not create EA inode under buffer lock\n\next4_xattr_set_entry() creates new EA inodes while holding buffer lock\non the external xattr block. 
This is problematic as it nests all the\nallocation locking (which acquires locks on other buffers) under the\nbuffer lock. This can even deadlock when the filesystem is corrupted and\ne.g. quota file is setup to contain xattr block as data block. Move the\nallocation of EA inode out of ext4_xattr_set_entry() into the callers.(CVE-2024-40972)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: replace spin_lock by raw_spin_lock\n\ntrace_drop_common() is called with preemption disabled, and it acquires\na spin_lock. This is problematic for RT kernels because spin_locks are\nsleeping locks in this configuration, which causes the following splat:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47\npreempt_count: 1, expected: 0\nRCU nest depth: 2, expected: 2\n5 locks held by rcuc/47/449:\n #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210\n #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130\n #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210\n #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70\n #4: ff1100086ee07520 (&data->lock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290\nirq event stamp: 139909\nhardirqs last enabled at (139908): [] _raw_spin_unlock_irqrestore+0x63/0x80\nhardirqs last disabled at (139909): [] trace_drop_common.constprop.0+0x26d/0x290\nsoftirqs last enabled at (139892): [] __local_bh_enable_ip+0x103/0x170\nsoftirqs last disabled at (139898): [] rcu_cpu_kthread+0x93/0x1f0\nPreemption disabled at:\n[] rt_mutex_slowunlock+0xab/0x2e0\nCPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7\nHardware name: Dell Inc. 
PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022\nCall Trace:\n \n dump_stack_lvl+0x8c/0xd0\n dump_stack+0x14/0x20\n __might_resched+0x21e/0x2f0\n rt_spin_lock+0x5e/0x130\n ? trace_drop_common.constprop.0+0xb5/0x290\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_drop_common.constprop.0+0xb5/0x290\n ? preempt_count_sub+0x1c/0xd0\n ? _raw_spin_unlock_irqrestore+0x4a/0x80\n ? __pfx_trace_drop_common.constprop.0+0x10/0x10\n ? rt_mutex_slowunlock+0x26a/0x2e0\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_rt_mutex_slowunlock+0x10/0x10\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_kfree_skb_hit+0x15/0x20\n trace_kfree_skb+0xe9/0x150\n kfree_skb_reason+0x7b/0x110\n skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10\n ? mark_lock.part.0+0x8a/0x520\n...\n\ntrace_drop_common() also disables interrupts, but this is a minor issue\nbecause we could easily replace it with a local_lock.\n\nReplace the spin_lock with raw_spin_lock to avoid sleeping in atomic\ncontext.(CVE-2024-40980)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nssb: Fix potential NULL pointer dereference in ssb_device_uevent()\n\nThe ssb_device_uevent() function first attempts to convert the 'dev' pointer\nto 'struct ssb_device *'. 
However, it mistakenly dereferences 'dev' before\nperforming the NULL check, potentially leading to a NULL pointer\ndereference if 'dev' is NULL.\n\nTo fix this issue, move the NULL check before dereferencing the 'dev' pointer,\nensuring that the pointer is valid before attempting to use it.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.(CVE-2024-40982)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()\n\nsyzbot found hanging tasks waiting on rtnl_lock [1]\n\nA reproducer is available in the syzbot bug.\n\nWhen a request to add multiple actions with the same index is sent, the\nsecond request will block forever on the first request. This holds\nrtnl_lock, and causes tasks to hang.\n\nReturn -EAGAIN to prevent infinite looping, while keeping documented\nbehavior.\n\n[1]\n\nINFO: task kworker/1:0:5088 blocked for more than 143 seconds.\nNot tainted 6.9.0-rc4-syzkaller-00173-g3cdb45594619 #0\n\"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:kworker/1:0 state:D stack:23744 pid:5088 tgid:5088 ppid:2 flags:0x00004000\nWorkqueue: events_power_efficient reg_check_chans_work\nCall Trace:\n\ncontext_switch kernel/sched/core.c:5409 [inline]\n__schedule+0xf15/0x5d00 kernel/sched/core.c:6746\n__schedule_loop kernel/sched/core.c:6823 [inline]\nschedule+0xe7/0x350 kernel/sched/core.c:6838\nschedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6895\n__mutex_lock_common kernel/locking/mutex.c:684 [inline]\n__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752\nwiphy_lock include/net/cfg80211.h:5953 [inline]\nreg_leave_invalid_chans net/wireless/reg.c:2466 [inline]\nreg_check_chans_work+0x10a/0x10e0 net/wireless/reg.c:2481(CVE-2024-40995)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: don't allow mapping the MMIO HDP page with large pages\n\nWe don't get the right offset in that case. 
The GPU has\nan unused 4K area of the register BAR space into which you can\nremap registers. We remap the HDP flush registers into this\nspace to allow userspace (CPU or GPU) to flush the HDP when it\nupdates VRAM. However, on systems with >4K pages, we end up\nexposing PAGE_SIZE of MMIO space.(CVE-2024-41011)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for kernel is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"kernel", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1943", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1943" + }, + { + "summary":"CVE-2024-35931", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-35931&packageName=kernel" + }, + { + "summary":"CVE-2024-36923", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36923&packageName=kernel" + }, + { + "summary":"CVE-2024-38548", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38548&packageName=kernel" + }, + { + "summary":"CVE-2024-38567", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38567&packageName=kernel" + }, + { + "summary":"CVE-2024-39484", + 
"category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39484&packageName=kernel" + }, + { + "summary":"CVE-2024-39506", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39506&packageName=kernel" + }, + { + "summary":"CVE-2024-39508", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39508&packageName=kernel" + }, + { + "summary":"CVE-2024-40915", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40915&packageName=kernel" + }, + { + "summary":"CVE-2024-40960", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40960&packageName=kernel" + }, + { + "summary":"CVE-2024-40963", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40963&packageName=kernel" + }, + { + "summary":"CVE-2024-40972", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40972&packageName=kernel" + }, + { + "summary":"CVE-2024-40980", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40980&packageName=kernel" + }, + { + "summary":"CVE-2024-40982", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40982&packageName=kernel" + }, + { + "summary":"CVE-2024-40995", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40995&packageName=kernel" + }, + { + "summary":"CVE-2024-41011", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41011&packageName=kernel" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-35931" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36923" + }, + { + "summary":"nvd cve", + 
"category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38548" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38567" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39484" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39506" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39508" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40915" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40960" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40963" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40972" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40980" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40982" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40995" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41011" + }, + { + "summary":"openEuler-SA-2024-1943 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1943.json" + } + ], + "title":"An update for kernel is now available for openEuler-24.03-LTS", + "tracking":{ + "initial_release_date":"2024-08-02T19:42:25+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:42:25+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T10:55:00+08:00", + "summary":"final", + "number":"2.0.0" + } + ], 
+ "generator":{ + "date":"2024-08-05T10:55:00+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T10:55:00+08:00", + "id":"openEuler-SA-2024-1943", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openEuler-24.03-LTS", + "name":"openEuler-24.03-LTS" + }, + "name":"openEuler-24.03-LTS", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "name":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "name":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "name":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "name":"kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, 
+ "name":"kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "name":"kernel-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"kernel-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "name":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-perf-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "name":"python3-perf-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"python3-perf-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "name":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "name":"kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + 
"name":"kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "name":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"bpftool-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "name":"bpftool-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"bpftool-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "name":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"perf-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "name":"perf-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"perf-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-source-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "name":"kernel-source-6.6.0-35.0.0.43.oe2403.aarch64.rpm" + }, + "name":"kernel-source-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + 
"product_id":"kernel-6.6.0-35.0.0.43.oe2403.src.rpm", + "name":"kernel-6.6.0-35.0.0.43.oe2403.src.rpm" + }, + "name":"kernel-6.6.0-35.0.0.43.oe2403.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-perf-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"python3-perf-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"python3-perf-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + 
"product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"kernel-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"kernel-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"perf-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"perf-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"perf-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-source-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"kernel-source-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"kernel-source-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"bpftool-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"bpftool-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"bpftool-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "name":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm" + }, + "name":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "name":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "name":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "name":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "name":"kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "name":"kernel-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "name":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-perf-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + 
"name":"python3-perf-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "name":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "name":"kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "name":"kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "name":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"bpftool-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "name":"bpftool-6.6.0-35.0.0.43.oe2403.aarch64 as a component of 
openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "name":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"perf-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "name":"perf-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-source-6.6.0-35.0.0.43.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "name":"kernel-source-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-6.6.0-35.0.0.43.oe2403.src.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "name":"kernel-6.6.0-35.0.0.43.oe2403.src as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + 
"product_reference":"python3-perf-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"python3-perf-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + 
"full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"kernel-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"perf-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"perf-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-source-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"kernel-source-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"bpftool-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"bpftool-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + 
"name":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "name":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-35931", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Skip do PCI error slot reset during RAS recovery\n\nWhy:\n The PCI error slot reset maybe triggered after inject ue to UMC multi times, this\n caused system hang.\n [ 557.371857] amdgpu 0000:af:00.0: amdgpu: GPU reset succeeded, trying to resume\n [ 557.373718] [drm] PCIE GART of 512M enabled.\n [ 557.373722] [drm] PTB located at 0x0000031FED700000\n [ 557.373788] [drm] VRAM is lost due to GPU reset!\n [ 557.373789] [drm] PSP is resuming...\n [ 557.547012] mlx5_core 0000:55:00.0: mlx5_pci_err_detected 
Device state = 1 pci_status: 0. Exit, result = 3, need reset\n [ 557.547067] [drm] PCI error: detected callback, state(1)!!\n [ 557.547069] [drm] No support for XGMI hive yet...\n [ 557.548125] mlx5_core 0000:55:00.0: mlx5_pci_slot_reset Device state = 1 pci_status: 0. Enter\n [ 557.607763] mlx5_core 0000:55:00.0: wait vital counter value 0x16b5b after 1 iterations\n [ 557.607777] mlx5_core 0000:55:00.0: mlx5_pci_slot_reset Device state = 1 pci_status: 1. Exit, err = 0, result = 5, recovered\n [ 557.610492] [drm] PCI error: slot reset callback!!\n ...\n [ 560.689382] amdgpu 0000:3f:00.0: amdgpu: GPU reset(2) succeeded!\n [ 560.689546] amdgpu 0000:5a:00.0: amdgpu: GPU reset(2) succeeded!\n [ 560.689562] general protection fault, probably for non-canonical address 0x5f080b54534f611f: 0000 [#1] SMP NOPTI\n [ 560.701008] CPU: 16 PID: 2361 Comm: kworker/u448:9 Tainted: G OE 5.15.0-91-generic #101-Ubuntu\n [ 560.712057] Hardware name: Microsoft C278A/C278A, BIOS C2789.5.BS.1C11.AG.1 11/08/2023\n [ 560.720959] Workqueue: amdgpu-reset-hive amdgpu_ras_do_recovery [amdgpu]\n [ 560.728887] RIP: 0010:amdgpu_device_gpu_recover.cold+0xbf1/0xcf5 [amdgpu]\n [ 560.736891] Code: ff 41 89 c6 e9 1b ff ff ff 44 0f b6 45 b0 e9 4f ff ff ff be 01 00 00 00 4c 89 e7 e8 76 c9 8b ff 44 0f b6 45 b0 e9 3c fd ff ff <48> 83 ba 18 02 00 00 00 0f 84 6a f8 ff ff 48 8d 7a 78 be 01 00 00\n [ 560.757967] RSP: 0018:ffa0000032e53d80 EFLAGS: 00010202\n [ 560.763848] RAX: ffa00000001dfd10 RBX: ffa0000000197090 RCX: ffa0000032e53db0\n [ 560.771856] RDX: 5f080b54534f5f07 RSI: 0000000000000000 RDI: ff11000128100010\n [ 560.779867] RBP: ffa0000032e53df0 R08: 0000000000000000 R09: ffffffffffe77f08\n [ 560.787879] R10: 0000000000ffff0a R11: 0000000000000001 R12: 0000000000000000\n [ 560.795889] R13: ffa0000032e53e00 R14: 0000000000000000 R15: 0000000000000000\n [ 560.803889] FS: 0000000000000000(0000) GS:ff11007e7e800000(0000) knlGS:0000000000000000\n [ 560.812973] CS: 0010 DS: 0000 ES: 0000 CR0: 
0000000080050033\n [ 560.819422] CR2: 000055a04c118e68 CR3: 0000000007410005 CR4: 0000000000771ee0\n [ 560.827433] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n [ 560.835433] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n [ 560.843444] PKRU: 55555554\n [ 560.846480] Call Trace:\n [ 560.849225] \n [ 560.851580] ? show_trace_log_lvl+0x1d6/0x2ea\n [ 560.856488] ? show_trace_log_lvl+0x1d6/0x2ea\n [ 560.861379] ? amdgpu_ras_do_recovery+0x1b2/0x210 [amdgpu]\n [ 560.867778] ? show_regs.part.0+0x23/0x29\n [ 560.872293] ? __die_body.cold+0x8/0xd\n [ 560.876502] ? die_addr+0x3e/0x60\n [ 560.880238] ? exc_general_protection+0x1c5/0x410\n [ 560.885532] ? asm_exc_general_protection+0x27/0x30\n [ 560.891025] ? amdgpu_device_gpu_recover.cold+0xbf1/0xcf5 [amdgpu]\n [ 560.898323] amdgpu_ras_do_recovery+0x1b2/0x210 [amdgpu]\n [ 560.904520] process_one_work+0x228/0x3d0\nHow:\n In RAS recovery, mode-1 reset is issued from RAS fatal error handling and expected\n all the nodes in a hive to be reset. 
no need to issue another mode-1 during this procedure.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-35931" + }, + { + "cve":"CVE-2024-36923", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/9p: fix uninitialized values during inode evict\n\nIf an iget fails due to not being able to retrieve information\nfrom the server then the inode structure is only partially\ninitialized. When the inode gets evicted, references to\nuninitialized structures (like fscache cookies) were being\nmade.\n\nThis patch checks for a bad_inode before doing anything other\nthan clearing the inode from the cache. 
Since the inode is\nbad, it shouldn't have any state associated with it that needs\nto be written back (and there really isn't a way to complete\nthose anyways).", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.3, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-36923" + }, + { + "cve":"CVE-2024-38548", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: cdns-mhdp8546: Fix possible null pointer dereference\n\nIn cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is\nassigned to mhdp_state->current_mode, and there is a dereference of it in\ndrm_mode_set_name(), which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate().\n\nFix this bug add a check of mhdp_state->current_mode.", + "category":"description", + "title":"Vulnerability Description" 
+ } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + 
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-38548" + }, + { + "cve":"CVE-2024-38567", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: carl9170: add a proper sanity check for endpoints\n\nSyzkaller reports [1] hitting a warning which is caused by presence\nof a wrong endpoint type at the URB sumbitting stage. 
While there\nwas a check for a specific 4th endpoint, since it can switch types\nbetween bulk and interrupt, other endpoints are trusted implicitly.\nSimilar warning is triggered in a couple of other syzbot issues [2].\n\nFix the issue by doing a comprehensive check of all endpoints\ntaking into account difference between high- and full-speed\nconfiguration.\n\n[1] Syzkaller report:\n...\nWARNING: CPU: 0 PID: 4721 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\n...\nCall Trace:\n \n carl9170_usb_send_rx_irq_urb+0x273/0x340 drivers/net/wireless/ath/carl9170/usb.c:504\n carl9170_usb_init_device drivers/net/wireless/ath/carl9170/usb.c:939 [inline]\n carl9170_usb_firmware_finish drivers/net/wireless/ath/carl9170/usb.c:999 [inline]\n carl9170_usb_firmware_step2+0x175/0x240 drivers/net/wireless/ath/carl9170/usb.c:1028\n request_firmware_work_func+0x130/0x240 drivers/base/firmware_loader/main.c:1107\n process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289\n worker_thread+0x669/0x1090 kernel/workqueue.c:2436\n kthread+0x2e8/0x3a0 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308\n \n\n[2] Related syzkaller crashes:", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + 
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-38567" + }, + { + "cve":"CVE-2024-39484", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:mmc: davinci: Don t strip remove function when driver is builtinUsing __exit for the remove function results in the remove callback beingdiscarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound (e.g.using sysfs or hotplug), the driver is just removed without the cleanupbeing performed. This results in resource leaks. Fix it by compiling in theremove callback unconditionally.This also fixes a W=1 modpost warning:WARNING: modpost: drivers/mmc/host/davinci_mmc: section mismatch inreference: davinci_mmcsd_driver+0x10 (section: .data) ->davinci_mmcsd_remove (section: .exit.text)", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + 
"version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39484" + }, + { + "cve":"CVE-2024-39506", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nliquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet\n\nIn lio_vf_rep_copy_packet() pg_info->page is compared to a NULL value,\nbut then it is unconditionally passed to skb_add_rx_frag() which looks\nstrange and could lead to null pointer dereference.\n\nlio_vf_rep_copy_packet() call trace looks like:\n\tocteon_droq_process_packets\n\t octeon_droq_fast_process_packets\n\t octeon_droq_dispatch_pkt\n\t octeon_create_recv_info\n\t ...search in the dispatch_list...\n\t ->disp_fn(rdisp->rinfo, ...)\n\t lio_vf_rep_pkt_recv(struct octeon_recv_info *recv_info, ...)\nIn this path there is no code which sets pg_info->page to NULL.\nSo this check looks unneeded and doesn't solve potential problem.\nBut I guess the author had reason to add a check and I have no such card\nand can't do real test.\nIn addition, the code in the function liquidio_push_packet() in\nliquidio/lio_core.c does exactly the same.\n\nBased on this, I consider the most acceptable compromise solution to\nadjust this issue by moving skb_add_rx_frag() into conditional scope.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + 
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39506" + }, + { + "cve":"CVE-2024-39508", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/io-wq: Use set_bit() and test_bit() at worker->flags\n\nUtilize set_bit() and test_bit() on worker->flags within io_uring/io-wq\nto address potential data races.\n\nThe structure io_worker->flags may be accessed through various data\npaths, leading to concurrency issues. When KCSAN is enabled, it reveals\ndata races occurring in io_worker_handle_work and\nio_wq_activate_free_worker functions.\n\n\t BUG: KCSAN: data-race in io_worker_handle_work / io_wq_activate_free_worker\n\t write to 0xffff8885c4246404 of 4 bytes by task 49071 on cpu 28:\n\t io_worker_handle_work (io_uring/io-wq.c:434 io_uring/io-wq.c:569)\n\t io_wq_worker (io_uring/io-wq.c:?)\n\n\n\t read to 0xffff8885c4246404 of 4 bytes by task 49024 on cpu 5:\n\t io_wq_activate_free_worker (io_uring/io-wq.c:? 
io_uring/io-wq.c:285)\n\t io_wq_enqueue (io_uring/io-wq.c:947)\n\t io_queue_iowq (io_uring/io_uring.c:524)\n\t io_req_task_submit (io_uring/io_uring.c:1511)\n\t io_handle_tw_list (io_uring/io_uring.c:1198)\n\n\nLine numbers against commit 18daea77cca6 (\"Merge tag 'for-linus' of\ngit://git.kernel.org/pub/scm/virt/kvm/kvm\").\n\nThese races involve writes and reads to the same memory location by\ndifferent tasks running on different CPUs. To mitigate this, refactor\nthe code to use atomic operations such as set_bit(), test_bit(), and\nclear_bit() instead of basic \"and\" and \"or\" operations. This ensures\nthread-safe manipulation of worker flags.\n\nAlso, move `create_index` to avoid holes in the structure.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + 
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.3, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39508" + }, + { + 
"cve":"CVE-2024-40915", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: rewrite __kernel_map_pages() to fix sleeping in invalid context\n\n__kernel_map_pages() is a debug function which clears the valid bit in page\ntable entry for deallocated pages to detect illegal memory accesses to\nfreed pages.\n\nThis function set/clear the valid bit using __set_memory(). __set_memory()\nacquires init_mm's semaphore, and this operation may sleep. This is\nproblematic, because __kernel_map_pages() can be called in atomic context,\nand thus is illegal to sleep. An example warning that this causes:\n\nBUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1578\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2, name: kthreadd\npreempt_count: 2, expected: 0\nCPU: 0 PID: 2 Comm: kthreadd Not tainted 6.9.0-g1d4c6d784ef6 #37\nHardware name: riscv-virtio,qemu (DT)\nCall Trace:\n[] dump_backtrace+0x1c/0x24\n[] show_stack+0x2c/0x38\n[] dump_stack_lvl+0x5a/0x72\n[] dump_stack+0x14/0x1c\n[] __might_resched+0x104/0x10e\n[] __might_sleep+0x3e/0x62\n[] down_write+0x20/0x72\n[] __set_memory+0x82/0x2fa\n[] __kernel_map_pages+0x5a/0xd4\n[] __alloc_pages_bulk+0x3b2/0x43a\n[] __vmalloc_node_range+0x196/0x6ba\n[] copy_process+0x72c/0x17ec\n[] kernel_clone+0x60/0x2fe\n[] kernel_thread+0x82/0xa0\n[] kthreadd+0x14a/0x1be\n[] ret_from_fork+0xe/0x1c\n\nRewrite this function with apply_to_existing_page_range(). 
It is fine to\nnot have any locking, because __kernel_map_pages() works with pages being\nallocated/deallocated and those pages are not changed by anyone else in the\nmeantime.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40915" + }, + { + "cve":"CVE-2024-40960", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent possible NULL dereference in rt6_probe()\n\nsyzbot caught a NULL dereference in rt6_probe() [1]\n\nBail out if __in6_dev_get() returns NULL.\n\n[1]\nOops: general protection fault, probably for non-canonical address 0xdffffc00000000cb: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000658-0x000000000000065f]\nCPU: 1 PID: 22444 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00383-gb8481381d4e2 
#0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\n RIP: 0010:rt6_probe net/ipv6/route.c:656 [inline]\n RIP: 0010:find_match+0x8c4/0xf50 net/ipv6/route.c:758\nCode: 14 fd f7 48 8b 85 38 ff ff ff 48 c7 45 b0 00 00 00 00 48 8d b8 5c 06 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 19\nRSP: 0018:ffffc900034af070 EFLAGS: 00010203\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90004521000\nRDX: 00000000000000cb RSI: ffffffff8990d0cd RDI: 000000000000065c\nRBP: ffffc900034af150 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000002 R12: 000000000000000a\nR13: 1ffff92000695e18 R14: ffff8880244a1d20 R15: 0000000000000000\nFS: 00007f4844a5a6c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b31b27000 CR3: 000000002d42c000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n rt6_nh_find_match+0xfa/0x1a0 net/ipv6/route.c:784\n nexthop_for_each_fib6_nh+0x26d/0x4a0 net/ipv4/nexthop.c:1496\n __find_rr_leaf+0x6e7/0xe00 net/ipv6/route.c:825\n find_rr_leaf net/ipv6/route.c:853 [inline]\n rt6_select net/ipv6/route.c:897 [inline]\n fib6_table_lookup+0x57e/0xa30 net/ipv6/route.c:2195\n ip6_pol_route+0x1cd/0x1150 net/ipv6/route.c:2231\n pol_lookup_func include/net/ip6_fib.h:616 [inline]\n fib6_rule_lookup+0x386/0x720 net/ipv6/fib6_rules.c:121\n ip6_route_output_flags_noref net/ipv6/route.c:2639 [inline]\n ip6_route_output_flags+0x1d0/0x640 net/ipv6/route.c:2651\n ip6_dst_lookup_tail.constprop.0+0x961/0x1760 net/ipv6/ip6_output.c:1147\n ip6_dst_lookup_flow+0x99/0x1d0 net/ipv6/ip6_output.c:1250\n rawv6_sendmsg+0xdab/0x4340 net/ipv6/raw.c:898\n inet_sendmsg+0x119/0x140 net/ipv4/af_inet.c:853\n sock_sendmsg_nosec net/socket.c:730 [inline]\n 
__sock_sendmsg net/socket.c:745 [inline]\n sock_write_iter+0x4b8/0x5c0 net/socket.c:1160\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0x6b6/0x1140 fs/read_write.c:590\n ksys_write+0x1f8/0x260 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40960" + }, + { + "cve":"CVE-2024-40963", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmips: bmips: BCM6358: make sure CBR is correctly set\n\nIt was discovered that some device have CBR address set to 0 causing\nkernel panic when arch_sync_dma_for_cpu_all is called.\n\nThis was notice in situation where the system is booted from TP1 and\nBMIPS_GET_CBR() returns 0 instead of a valid address 
and\n!!(read_c0_brcm_cmt_local() & (1 << 31)); not failing.\n\nThe current check whether RAC flush should be disabled or not are not\nenough hence lets check if CBR is a valid address or not.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.9, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-40963" + }, + { + "cve":"CVE-2024-40972", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: do not create EA inode under buffer lock\n\next4_xattr_set_entry() creates new EA inodes while holding buffer lock\non the external xattr block. This is problematic as it nests all the\nallocation locking (which acquires locks on other buffers) under the\nbuffer lock. This can even deadlock when the filesystem is corrupted and\ne.g. quota file is setup to contain xattr block as data block. 
Move the\nallocation of EA inode out of ext4_xattr_set_entry() into the callers.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", 
+ "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.7, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40972" + }, + { + "cve":"CVE-2024-40980", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: replace spin_lock by raw_spin_lock\n\ntrace_drop_common() is called with preemption disabled, and it acquires\na spin_lock. 
This is problematic for RT kernels because spin_locks are\nsleeping locks in this configuration, which causes the following splat:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47\npreempt_count: 1, expected: 0\nRCU nest depth: 2, expected: 2\n5 locks held by rcuc/47/449:\n #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210\n #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130\n #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210\n #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70\n #4: ff1100086ee07520 (&data->lock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290\nirq event stamp: 139909\nhardirqs last enabled at (139908): [] _raw_spin_unlock_irqrestore+0x63/0x80\nhardirqs last disabled at (139909): [] trace_drop_common.constprop.0+0x26d/0x290\nsoftirqs last enabled at (139892): [] __local_bh_enable_ip+0x103/0x170\nsoftirqs last disabled at (139898): [] rcu_cpu_kthread+0x93/0x1f0\nPreemption disabled at:\n[] rt_mutex_slowunlock+0xab/0x2e0\nCPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7\nHardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022\nCall Trace:\n \n dump_stack_lvl+0x8c/0xd0\n dump_stack+0x14/0x20\n __might_resched+0x21e/0x2f0\n rt_spin_lock+0x5e/0x130\n ? trace_drop_common.constprop.0+0xb5/0x290\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_drop_common.constprop.0+0xb5/0x290\n ? preempt_count_sub+0x1c/0xd0\n ? _raw_spin_unlock_irqrestore+0x4a/0x80\n ? __pfx_trace_drop_common.constprop.0+0x10/0x10\n ? rt_mutex_slowunlock+0x26a/0x2e0\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_rt_mutex_slowunlock+0x10/0x10\n ? 
skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_kfree_skb_hit+0x15/0x20\n trace_kfree_skb+0xe9/0x150\n kfree_skb_reason+0x7b/0x110\n skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10\n ? mark_lock.part.0+0x8a/0x520\n...\n\ntrace_drop_common() also disables interrupts, but this is a minor issue\nbecause we could easily replace it with a local_lock.\n\nReplace the spin_lock with raw_spin_lock to avoid sleeping in atomic\ncontext.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + 
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.7, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40980" + }, + { + "cve":"CVE-2024-40982", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nssb: Fix potential NULL pointer dereference in ssb_device_uevent()\n\nThe ssb_device_uevent() function first attempts to convert the 'dev' pointer\nto 'struct 
ssb_device *'. However, it mistakenly dereferences 'dev' before\nperforming the NULL check, potentially leading to a NULL pointer\ndereference if 'dev' is NULL.\n\nTo fix this issue, move the NULL check before dereferencing the 'dev' pointer,\nensuring that the pointer is valid before attempting to use it.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.4, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40982" + }, + { + "cve":"CVE-2024-40995", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()\n\nsyzbot found hanging tasks waiting on rtnl_lock [1]\n\nA reproducer is available in the syzbot bug.\n\nWhen a request to add multiple actions with the same index is sent, the\nsecond request will block forever on the first request. 
This holds\nrtnl_lock, and causes tasks to hang.\n\nReturn -EAGAIN to prevent infinite looping, while keeping documented\nbehavior.\n\n[1]\n\nINFO: task kworker/1:0:5088 blocked for more than 143 seconds.\nNot tainted 6.9.0-rc4-syzkaller-00173-g3cdb45594619 #0\n\"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:kworker/1:0 state:D stack:23744 pid:5088 tgid:5088 ppid:2 flags:0x00004000\nWorkqueue: events_power_efficient reg_check_chans_work\nCall Trace:\n\ncontext_switch kernel/sched/core.c:5409 [inline]\n__schedule+0xf15/0x5d00 kernel/sched/core.c:6746\n__schedule_loop kernel/sched/core.c:6823 [inline]\nschedule+0xe7/0x350 kernel/sched/core.c:6838\nschedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6895\n__mutex_lock_common kernel/locking/mutex.c:684 [inline]\n__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752\nwiphy_lock include/net/cfg80211.h:5953 [inline]\nreg_leave_invalid_chans net/wireless/reg.c:2466 [inline]\nreg_check_chans_work+0x10a/0x10e0 net/wireless/reg.c:2481", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + 
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40995" + }, + { + "cve":"CVE-2024-41011", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: don't allow mapping the MMIO HDP page with large pages\n\nWe don't get the right offset in that case. The GPU has\nan unused 4K area of the register BAR space into which you can\nremap registers. We remap the HDP flush registers into this\nspace to allow userspace (CPU or GPU) to flush the HDP when it\nupdates VRAM. However, on systems with >4K pages, we end up\nexposing PAGE_SIZE of MMIO space.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.8, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + 
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src", + "openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64", + "openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64", + 
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2024-41011" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1944.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1944.json new file mode 100644 index 0000000..4cfbb2a --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1944.json 
@@ -0,0 +1,5182 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"kernel security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for kernel is now available for openEuler-20.03-LTS-SP4.", + "category":"general", + "title":"Summary" + }, + { + "text":"The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nusb: musb: tusb6010: check return value after calling platform_get_resource()\n\nIt will cause null-ptr-deref if platform_get_resource() returns NULL,\nwe need check the return value.(CVE-2021-47181)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix memory ordering between normal and ordered work functions\n\nOrdered work functions aren't guaranteed to be handled by the same thread\nwhich executed the normal work functions. The only way execution between\nnormal/ordered functions is synchronized is via the WORK_DONE_BIT,\nunfortunately the used bitops don't guarantee any ordering whatsoever.\n\nThis manifested as seemingly inexplicable crashes on ARM64, where\nasync_chunk::inode is seen as non-null in async_cow_submit which causes\nsubmit_compressed_extents to be called and crash occurs because\nasync_chunk::inode suddenly became NULL. 
The call trace was similar to:\n\n pc : submit_compressed_extents+0x38/0x3d0\n lr : async_cow_submit+0x50/0xd0\n sp : ffff800015d4bc20\n\n \n\n Call trace:\n submit_compressed_extents+0x38/0x3d0\n async_cow_submit+0x50/0xd0\n run_ordered_work+0xc8/0x280\n btrfs_work_helper+0x98/0x250\n process_one_work+0x1f0/0x4ac\n worker_thread+0x188/0x504\n kthread+0x110/0x114\n ret_from_fork+0x10/0x18\n\nFix this by adding respective barrier calls which ensure that all\naccesses preceding setting of WORK_DONE_BIT are strictly ordered before\nsetting the flag. At the same time add a read barrier after reading of\nWORK_DONE_BIT in run_ordered_work which ensures all subsequent loads\nwould be strictly ordered after reading the bit. This in turn ensures\nare all accesses before WORK_DONE_BIT are going to be strictly ordered\nbefore any access that can occur in ordered_func.(CVE-2021-47189)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: dpaa2-eth: fix use-after-free in dpaa2_eth_remove\n\nAccess to netdev after free_netdev() will cause use-after-free bug.\nMove debug log before free_netdev() call to avoid it.(CVE-2021-47204)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nusb: host: ohci-tmio: check return value after calling platform_get_resource()\n\nIt will cause null-ptr-deref if platform_get_resource() returns NULL,\nwe need check the return value.(CVE-2021-47206)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nvsock: remove vsock from connected table when connect is interrupted by a signal\n\nvsock_connect() expects that the socket could already be in the\nTCP_ESTABLISHED state when the connecting task wakes up with a signal\npending. If this happens the socket will be in the connected table, and\nit is not removed when the socket state is reset. 
In this situation it's\ncommon for the process to retry connect(), and if the connection is\nsuccessful the socket will be added to the connected table a second\ntime, corrupting the list.\n\nPrevent this by calling vsock_remove_connected() if a signal is received\nwhile waiting for a connection. This is harmless if the socket is not in\nthe connected table, and if it is in the table then removing it will\nprevent list corruption from a double add.\n\nNote for backporting: this patch requires d5afa82c977e (\"vsock: correct\nremoval of socket from the list\"), which is in all current stable trees\nexcept 4.9.y.(CVE-2022-48786)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: ieee802154: at86rf230: Stop leaking skb's\n\nUpon error the ieee802154_xmit_complete() helper is not called. Only\nieee802154_wake_queue() is called manually. In the Tx case we then leak\nthe skb structure.\n\nFree the skb structure upon error before returning when appropriate.\n\nAs the 'is_tx = 0' cannot be moved in the complete handler because of a\npossible race between the delay in switching to STATE_RX_AACK_ON and a\nnew interrupt, we introduce an intermediate 'was_tx' boolean just for\nthis purpose.\n\nThere is no Fixes tag applying here, many changes have been made on this\narea and the issue kind of always existed.(CVE-2022-48794)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nvt_ioctl: fix array_index_nospec in vt_setactivate\n\narray_index_nospec ensures that an out-of-bounds value is set to zero\non the transient path. Decreasing the value by one afterwards causes\na transient integer underflow. 
vsa.console should be decreased first\nand then sanitized with array_index_nospec.\n\nKasper Acknowledgements: Jakob Koschel, Brian Johannesmeyer, Kaveh\nRazavi, Herbert Bos, Cristiano Giuffrida from the VUSec group at VU\nAmsterdam.(CVE-2022-48804)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nusb: f_fs: Fix use-after-free for epfile\n\nConsider a case where ffs_func_eps_disable is called from\nffs_func_disable as part of composition switch and at the\nsame time ffs_epfile_release get called from userspace.\nffs_epfile_release will free up the read buffer and call\nffs_data_closed which in turn destroys ffs->epfiles and\nmark it as NULL. While this was happening the driver has\nalready initialized the local epfile in ffs_func_eps_disable\nwhich is now freed and waiting to acquire the spinlock. Once\nspinlock is acquired the driver proceeds with the stale value\nof epfile and tries to free the already freed read buffer\ncausing use-after-free.\n\nFollowing is the illustration of the race:\n\n CPU1 CPU2\n\n ffs_func_eps_disable\n epfiles (local copy)\n\t\t\t\t\tffs_epfile_release\n\t\t\t\t\tffs_data_closed\n\t\t\t\t\tif (last file closed)\n\t\t\t\t\tffs_data_reset\n\t\t\t\t\tffs_data_clear\n\t\t\t\t\tffs_epfiles_destroy\nspin_lock\ndereference epfiles\n\nFix this races by taking epfiles local copy & assigning it under\nspinlock and if epfiles(local) is null then update it in ffs->epfiles\nthen finally destroy it.\nExtending the scope further from the race, protecting the ep related\nstructures, and concurrent accesses.(CVE-2022-48822)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Fix ia_size underflow\n\niattr::ia_size is a loff_t, which is a signed 64-bit type. NFSv3 and\nNFSv4 both define file size as an unsigned 64-bit type. 
Thus there\nis a range of valid file size values an NFS client can send that is\nalready larger than Linux can handle.\n\nCurrently decode_fattr4() dumps a full u64 value into ia_size. If\nthat value happens to be larger than S64_MAX, then ia_size\nunderflows. I'm about to fix up the NFSv3 behavior as well, so let's\ncatch the underflow in the common code path: nfsd_setattr().(CVE-2022-48828)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nInput: aiptek - properly check endpoint type\n\nSyzbot reported warning in usb_submit_urb() which is caused by wrong\nendpoint type. There was a check for the number of endpoints, but not\nfor the type of endpoint.\n\nFix it by replacing old desc.bNumEndpoints check with\nusb_find_common_endpoints() helper for finding endpoints\n\nFail log:\n\nusb 5-1: BOGUS urb xfer, pipe 1 != type 3\nWARNING: CPU: 2 PID: 48 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\nModules linked in:\nCPU: 2 PID: 48 Comm: kworker/2:2 Not tainted 5.17.0-rc6-syzkaller-00226-g07ebd38a0da2 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\nWorkqueue: usb_hub_wq hub_event\n...\nCall Trace:\n \n aiptek_open+0xd5/0x130 drivers/input/tablet/aiptek.c:830\n input_open_device+0x1bb/0x320 drivers/input/input.c:629\n kbd_connect+0xfe/0x160 drivers/tty/vt/keyboard.c:1593(CVE-2022-48836)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: smp: fill in sibling and core maps earlier\n\nAfter enabling CONFIG_SCHED_CORE (landed during 5.14 cycle),\n2-core 2-thread-per-core interAptiv (CPS-driven) started emitting\nthe following:\n\n[ 0.025698] CPU1 revision is: 0001a120 (MIPS interAptiv (multi))\n[ 0.048183] ------------[ cut here ]------------\n[ 0.048187] WARNING: CPU: 1 PID: 0 at kernel/sched/core.c:6025 sched_core_cpu_starting+0x198/0x240\n[ 0.048220] Modules linked in:\n[ 0.048233] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.17.0-rc3+ #35 
b7b319f24073fd9a3c2aa7ad15fb7993eec0b26f\n[ 0.048247] Stack : 817f0000 00000004 327804c8 810eb050 00000000 00000004 00000000 c314fdd1\n[ 0.048278] 830cbd64 819c0000 81800000 817f0000 83070bf4 00000001 830cbd08 00000000\n[ 0.048307] 00000000 00000000 815fcbc4 00000000 00000000 00000000 00000000 00000000\n[ 0.048334] 00000000 00000000 00000000 00000000 817f0000 00000000 00000000 817f6f34\n[ 0.048361] 817f0000 818a3c00 817f0000 00000004 00000000 00000000 4dc33260 0018c933\n[ 0.048389] ...\n[ 0.048396] Call Trace:\n[ 0.048399] [<8105a7bc>] show_stack+0x3c/0x140\n[ 0.048424] [<8131c2a0>] dump_stack_lvl+0x60/0x80\n[ 0.048440] [<8108b5c0>] __warn+0xc0/0xf4\n[ 0.048454] [<8108b658>] warn_slowpath_fmt+0x64/0x10c\n[ 0.048467] [<810bd418>] sched_core_cpu_starting+0x198/0x240\n[ 0.048483] [<810c6514>] sched_cpu_starting+0x14/0x80\n[ 0.048497] [<8108c0f8>] cpuhp_invoke_callback_range+0x78/0x140\n[ 0.048510] [<8108d914>] notify_cpu_starting+0x94/0x140\n[ 0.048523] [<8106593c>] start_secondary+0xbc/0x280\n[ 0.048539]\n[ 0.048543] ---[ end trace 0000000000000000 ]---\n[ 0.048636] Synchronize counters for CPU 1: done.\n\n...for each but CPU 0/boot.\nBasic debug printks right before the mentioned line say:\n\n[ 0.048170] CPU: 1, smt_mask:\n\nSo smt_mask, which is sibling mask obviously, is empty when entering\nthe function.\nThis is critical, as sched_core_cpu_starting() calculates\ncore-scheduling parameters only once per CPU start, and it's crucial\nto have all the parameters filled in at that moment (at least it\nuses cpu_smt_mask() which in fact is `&cpu_sibling_map[cpu]` on\nMIPS).\n\nA bit of debugging led me to that set_cpu_sibling_map() performing\nthe actual map calculation, was being invocated after\nnotify_cpu_start(), and exactly the latter function starts CPU HP\ncallback round (sched_core_cpu_starting() is basically a CPU HP\ncallback).\nWhile the flow is same on ARM64 (maps after the notifier, although\nbefore calling set_cpu_online()), x86 started calculating 
sibling\nmaps earlier than starting the CPU HP callbacks in Linux 4.14 (see\n[0] for the reference). Neither me nor my brief tests couldn't find\nany potential caveats in calculating the maps right after performing\ndelay calibration, but the WARN splat is now gone.\nThe very same debug prints now yield exactly what I expected from\nthem:\n\n[ 0.048433] CPU: 1, smt_mask: 0-1\n\n[0] https://git.kernel.org/pub/scm/linux/kernel/git/mips/linux.git/commit/?id=76ce7cfe35ef(CVE-2022-48845)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nstaging: gdm724x: fix use after free in gdm_lte_rx()\n\nThe netif_rx_ni() function frees the skb so we can't dereference it to\nsave the skb->len.(CVE-2022-48851)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nNFC: port100: fix use-after-free in port100_send_complete\n\nSyzbot reported UAF in port100_send_complete(). The root case is in\nmissing usb_kill_urb() calls on error handling path of ->probe function.\n\nport100_send_complete() accesses devm allocated memory which will be\nfreed on probe failure. 
We should kill this urbs before returning an\nerror from probe function to prevent reported use-after-free\n\nFail log:\n\nBUG: KASAN: use-after-free in port100_send_complete+0x16e/0x1a0 drivers/nfc/port100.c:935\nRead of size 1 at addr ffff88801bb59540 by task ksoftirqd/2/26\n...\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description.constprop.0.cold+0x8d/0x303 mm/kasan/report.c:255\n __kasan_report mm/kasan/report.c:442 [inline]\n kasan_report.cold+0x83/0xdf mm/kasan/report.c:459\n port100_send_complete+0x16e/0x1a0 drivers/nfc/port100.c:935\n __usb_hcd_giveback_urb+0x2b0/0x5c0 drivers/usb/core/hcd.c:1670\n\n...\n\nAllocated by task 1255:\n kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38\n kasan_set_track mm/kasan/common.c:45 [inline]\n set_alloc_info mm/kasan/common.c:436 [inline]\n ____kasan_kmalloc mm/kasan/common.c:515 [inline]\n ____kasan_kmalloc mm/kasan/common.c:474 [inline]\n __kasan_kmalloc+0xa6/0xd0 mm/kasan/common.c:524\n alloc_dr drivers/base/devres.c:116 [inline]\n devm_kmalloc+0x96/0x1d0 drivers/base/devres.c:823\n devm_kzalloc include/linux/device.h:209 [inline]\n port100_probe+0x8a/0x1320 drivers/nfc/port100.c:1502\n\nFreed by task 1255:\n kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38\n kasan_set_track+0x21/0x30 mm/kasan/common.c:45\n kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:370\n ____kasan_slab_free mm/kasan/common.c:366 [inline]\n ____kasan_slab_free+0xff/0x140 mm/kasan/common.c:328\n kasan_slab_free include/linux/kasan.h:236 [inline]\n __cache_free mm/slab.c:3437 [inline]\n kfree+0xf8/0x2b0 mm/slab.c:3794\n release_nodes+0x112/0x1a0 drivers/base/devres.c:501\n devres_release_all+0x114/0x190 drivers/base/devres.c:530\n really_probe+0x626/0xcc0 drivers/base/dd.c:670(CVE-2022-48857)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nof: Fix double free in of_parse_phandle_with_args_map\n\nIn of_parse_phandle_with_args_map() the inner 
loop that\niterates through the map entries calls of_node_put(new)\nto free the reference acquired by the previous iteration\nof the inner loop. This assumes that the value of \"new\" is\nNULL on the first iteration of the inner loop.\n\nMake sure that this is true in all iterations of the outer\nloop by setting \"new\" to NULL after its value is assigned to \"cur\".\n\nExtend the unittest to detect the double free and add an additional\ntest case that actually triggers this path.(CVE-2023-52679)\n\nA race condition was found in the Linux kernel's drm/exynos device driver in exynos_drm_crtc_atomic_disable() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\n\n\n(CVE-2024-22386)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential kernel bug due to lack of writeback flag waiting\n\nDestructive writes to a block device on which nilfs2 is mounted can cause\na kernel bug in the folio/page writeback start routine or writeback end\nroutine (__folio_start_writeback in the log below):\n\n kernel BUG at mm/page-writeback.c:3070!\n Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\n ...\n RIP: 0010:__folio_start_writeback+0xbaa/0x10e0\n Code: 25 ff 0f 00 00 0f 84 18 01 00 00 e8 40 ca c6 ff e9 17 f6 ff ff\n e8 36 ca c6 ff 4c 89 f7 48 c7 c6 80 c0 12 84 e8 e7 b3 0f 00 90 <0f>\n 0b e8 1f ca c6 ff 4c 89 f7 48 c7 c6 a0 c6 12 84 e8 d0 b3 0f 00\n ...\n Call Trace:\n \n nilfs_segctor_do_construct+0x4654/0x69d0 [nilfs2]\n nilfs_segctor_construct+0x181/0x6b0 [nilfs2]\n nilfs_segctor_thread+0x548/0x11c0 [nilfs2]\n kthread+0x2f0/0x390\n ret_from_fork+0x4b/0x80\n ret_from_fork_asm+0x1a/0x30\n \n\nThis is because when the log writer starts a writeback for segment summary\nblocks or a super root block that use the backing device's page cache, it\ndoes not wait for the ongoing folio/page writeback, resulting in an\ninconsistent writeback state.\n\nFix this issue by 
waiting for ongoing writebacks when putting\nfolios/pages on the backing device into writeback state.(CVE-2024-37078)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nwifi: carl9170: add a proper sanity check for endpoints\n\nSyzkaller reports [1] hitting a warning which is caused by presence\nof a wrong endpoint type at the URB sumbitting stage. While there\nwas a check for a specific 4th endpoint, since it can switch types\nbetween bulk and interrupt, other endpoints are trusted implicitly.\nSimilar warning is triggered in a couple of other syzbot issues [2].\n\nFix the issue by doing a comprehensive check of all endpoints\ntaking into account difference between high- and full-speed\nconfiguration.\n\n[1] Syzkaller report:\n...\nWARNING: CPU: 0 PID: 4721 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\n...\nCall Trace:\n \n carl9170_usb_send_rx_irq_urb+0x273/0x340 drivers/net/wireless/ath/carl9170/usb.c:504\n carl9170_usb_init_device drivers/net/wireless/ath/carl9170/usb.c:939 [inline]\n carl9170_usb_firmware_finish drivers/net/wireless/ath/carl9170/usb.c:999 [inline]\n carl9170_usb_firmware_step2+0x175/0x240 drivers/net/wireless/ath/carl9170/usb.c:1028\n request_firmware_work_func+0x130/0x240 drivers/base/firmware_loader/main.c:1107\n process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289\n worker_thread+0x669/0x1090 kernel/workqueue.c:2436\n kthread+0x2e8/0x3a0 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308\n \n\n[2] Related syzkaller crashes:(CVE-2024-38567)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: et8ek8: Don't strip remove function when driver is builtin\n\nUsing __exit for the remove function results in the remove callback\nbeing discarded with CONFIG_VIDEO_ET8EK8=y. When such a device gets\nunbound (e.g. using sysfs or hotplug), the driver is just removed\nwithout the cleanup being performed. 
This results in resource leaks. Fix\nit by compiling in the remove callback unconditionally.\n\nThis also fixes a W=1 modpost warning:\n\n\tWARNING: modpost: drivers/media/i2c/et8ek8/et8ek8: section mismatch in reference: et8ek8_i2c_driver+0x10 (section: .data) -> et8ek8_remove (section: .exit.text)(CVE-2024-38611)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nstm class: Fix a double free in stm_register_device()\n\nThe put_device(&stm->dev) call will trigger stm_device_release() which\nfrees \"stm\" so the vfree(stm) on the next line is a double free.(CVE-2024-38627)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: savage: Handle err return when savagefb_check_var failed\n\nThe commit 04e5eac8f3ab(\"fbdev: savage: Error out if pixclock equals zero\")\nchecks the value of pixclock to avoid divide-by-zero error. However\nthe function savagefb_probe doesn't handle the error return of\nsavagefb_check_var. When pixclock is 0, it will cause divide-by-zero error.(CVE-2024-39475)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmmc: davinci: Don't strip remove function when driver is builtin\n\nUsing __exit for the remove function results in the remove callback being\ndiscarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound (e.g.\nusing sysfs or hotplug), the driver is just removed without the cleanup\nbeing performed. This results in resource leaks. 
Fix it by compiling in the\nremove callback unconditionally.\n\nThis also fixes a W=1 modpost warning:\n\nWARNING: modpost: drivers/mmc/host/davinci_mmc: section mismatch in\nreference: davinci_mmcsd_driver+0x10 (section: .data) ->\ndavinci_mmcsd_remove (section: .exit.text)(CVE-2024-39484)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nliquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet\n\nIn lio_vf_rep_copy_packet() pg_info->page is compared to a NULL value,\nbut then it is unconditionally passed to skb_add_rx_frag() which looks\nstrange and could lead to null pointer dereference.\n\nlio_vf_rep_copy_packet() call trace looks like:\n\tocteon_droq_process_packets\n\t octeon_droq_fast_process_packets\n\t octeon_droq_dispatch_pkt\n\t octeon_create_recv_info\n\t ...search in the dispatch_list...\n\t ->disp_fn(rdisp->rinfo, ...)\n\t lio_vf_rep_pkt_recv(struct octeon_recv_info *recv_info, ...)\nIn this path there is no code which sets pg_info->page to NULL.\nSo this check looks unneeded and doesn't solve potential problem.\nBut I guess the author had reason to add a check and I have no such card\nand can't do real test.\nIn addition, the code in the function liquidio_push_packet() in\nliquidio/lio_core.c does exactly the same.\n\nBased on this, I consider the most acceptable compromise solution to\nadjust this issue by moving skb_add_rx_frag() into conditional scope.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.(CVE-2024-39506)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: mesh: Fix leak of mesh_preq_queue objects\n\nThe hwmp code use objects of type mesh_preq_queue, added to a list in\nieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath\ngets deleted, ex mesh interface is removed, the entries in that list will\nnever get cleaned. 
Fix this by flushing all corresponding items of the\npreq_queue in mesh_path_flush_pending().\n\nThis should take care of KASAN reports like this:\n\nunreferenced object 0xffff00000668d800 (size 128):\n comm \"kworker/u8:4\", pid 67, jiffies 4295419552 (age 1836.444s)\n hex dump (first 32 bytes):\n 00 1f 05 09 00 00 ff ff 00 d5 68 06 00 00 ff ff ..........h.....\n 8e 97 ea eb 3e b8 01 00 00 00 00 00 00 00 00 00 ....>...........\n backtrace:\n [<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c\n [<00000000049bd418>] kmalloc_trace+0x34/0x80\n [<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8\n [<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c\n [<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4\n [<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764\n [<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4\n [<000000004c86e916>] dev_hard_start_xmit+0x174/0x440\n [<0000000023495647>] __dev_queue_xmit+0xe24/0x111c\n [<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4\n [<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508\n [<00000000adc3cd94>] process_one_work+0x4b8/0xa1c\n [<00000000b36425d1>] worker_thread+0x9c/0x634\n [<0000000005852dd5>] kthread+0x1bc/0x1c4\n [<000000005fccd770>] ret_from_fork+0x10/0x20\nunreferenced object 0xffff000009051f00 (size 128):\n comm \"kworker/u8:4\", pid 67, jiffies 4295419553 (age 1836.440s)\n hex dump (first 32 bytes):\n 90 d6 92 0d 00 00 ff ff 00 d8 68 06 00 00 ff ff ..........h.....\n 36 27 92 e4 02 e0 01 00 00 58 79 06 00 00 ff ff 6'.......Xy.....\n backtrace:\n [<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c\n [<00000000049bd418>] kmalloc_trace+0x34/0x80\n [<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8\n [<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c\n [<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4\n [<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764\n [<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4\n [<000000004c86e916>] dev_hard_start_xmit+0x174/0x440\n 
[<0000000023495647>] __dev_queue_xmit+0xe24/0x111c\n [<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4\n [<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508\n [<00000000adc3cd94>] process_one_work+0x4b8/0xa1c\n [<00000000b36425d1>] worker_thread+0x9c/0x634\n [<0000000005852dd5>] kthread+0x1bc/0x1c4\n [<000000005fccd770>] ret_from_fork+0x10/0x20(CVE-2024-40942)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nima: Avoid blocking in RCU read-side critical section\n\nA panic happens in ima_match_policy:\n\nBUG: unable to handle kernel NULL pointer dereference at 0000000000000010\nPGD 42f873067 P4D 0\nOops: 0000 [#1] SMP NOPTI\nCPU: 5 PID: 1286325 Comm: kubeletmonit.sh\nKdump: loaded Tainted: P\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\n BIOS 0.0.0 02/06/2015\nRIP: 0010:ima_match_policy+0x84/0x450\nCode: 49 89 fc 41 89 cf 31 ed 89 44 24 14 eb 1c 44 39\n 7b 18 74 26 41 83 ff 05 74 20 48 8b 1b 48 3b 1d\n f2 b9 f4 00 0f 84 9c 01 00 00 <44> 85 73 10 74 ea\n 44 8b 6b 14 41 f6 c5 01 75 d4 41 f6 c5 02 74 0f\nRSP: 0018:ff71570009e07a80 EFLAGS: 00010207\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000200\nRDX: ffffffffad8dc7c0 RSI: 0000000024924925 RDI: ff3e27850dea2000\nRBP: 0000000000000000 R08: 0000000000000000 R09: ffffffffabfce739\nR10: ff3e27810cc42400 R11: 0000000000000000 R12: ff3e2781825ef970\nR13: 00000000ff3e2785 R14: 000000000000000c R15: 0000000000000001\nFS: 00007f5195b51740(0000)\nGS:ff3e278b12d40000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000010 CR3: 0000000626d24002 CR4: 0000000000361ee0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n ima_get_action+0x22/0x30\n process_measurement+0xb0/0x830\n ? page_add_file_rmap+0x15/0x170\n ? alloc_set_pte+0x269/0x4c0\n ? prep_new_page+0x81/0x140\n ? simple_xattr_get+0x75/0xa0\n ? 
selinux_file_open+0x9d/0xf0\n ima_file_check+0x64/0x90\n path_openat+0x571/0x1720\n do_filp_open+0x9b/0x110\n ? page_counter_try_charge+0x57/0xc0\n ? files_cgroup_alloc_fd+0x38/0x60\n ? __alloc_fd+0xd4/0x250\n ? do_sys_open+0x1bd/0x250\n do_sys_open+0x1bd/0x250\n do_syscall_64+0x5d/0x1d0\n entry_SYSCALL_64_after_hwframe+0x65/0xca\n\nCommit c7423dbdbc9e (\"ima: Handle -ESTALE returned by\nima_filter_rule_match()\") introduced call to ima_lsm_copy_rule within a\nRCU read-side critical section which contains kmalloc with GFP_KERNEL.\nThis implies a possible sleep and violates limitations of RCU read-side\ncritical sections on non-PREEMPT systems.\n\nSleeping within RCU read-side critical section might cause\nsynchronize_rcu() returning early and break RCU protection, allowing a\nUAF to happen.\n\nThe root cause of this issue could be described as follows:\n|\tThread A\t|\tThread B\t|\n|\t\t\t|ima_match_policy\t|\n|\t\t\t| rcu_read_lock\t|\n|ima_lsm_update_rule\t|\t\t\t|\n| synchronize_rcu\t|\t\t\t|\n|\t\t\t| kmalloc(GFP_KERNEL)|\n|\t\t\t| sleep\t\t|\n==> synchronize_rcu returns early\n| kfree(entry)\t\t|\t\t\t|\n|\t\t\t| entry = entry->next|\n==> UAF happens and entry now becomes NULL (or could be anything).\n|\t\t\t| entry->action\t|\n==> Accessing entry might cause panic.\n\nTo fix this issue, we are converting all kmalloc that is called within\nRCU read-side critical section to use GFP_ATOMIC.\n\n[PM: fixed missing comment, long lines, !CONFIG_IMA_LSM_RULES case](CVE-2024-40947)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent possible NULL dereference in rt6_probe()\n\nsyzbot caught a NULL dereference in rt6_probe() [1]\n\nBail out if __in6_dev_get() returns NULL.\n\n[1]\nOops: general protection fault, probably for non-canonical address 0xdffffc00000000cb: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000658-0x000000000000065f]\nCPU: 1 PID: 22444 Comm: syz-executor.0 Not tainted 
6.10.0-rc2-syzkaller-00383-gb8481381d4e2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\n RIP: 0010:rt6_probe net/ipv6/route.c:656 [inline]\n RIP: 0010:find_match+0x8c4/0xf50 net/ipv6/route.c:758\nCode: 14 fd f7 48 8b 85 38 ff ff ff 48 c7 45 b0 00 00 00 00 48 8d b8 5c 06 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 19\nRSP: 0018:ffffc900034af070 EFLAGS: 00010203\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90004521000\nRDX: 00000000000000cb RSI: ffffffff8990d0cd RDI: 000000000000065c\nRBP: ffffc900034af150 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000002 R12: 000000000000000a\nR13: 1ffff92000695e18 R14: ffff8880244a1d20 R15: 0000000000000000\nFS: 00007f4844a5a6c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b31b27000 CR3: 000000002d42c000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n rt6_nh_find_match+0xfa/0x1a0 net/ipv6/route.c:784\n nexthop_for_each_fib6_nh+0x26d/0x4a0 net/ipv4/nexthop.c:1496\n __find_rr_leaf+0x6e7/0xe00 net/ipv6/route.c:825\n find_rr_leaf net/ipv6/route.c:853 [inline]\n rt6_select net/ipv6/route.c:897 [inline]\n fib6_table_lookup+0x57e/0xa30 net/ipv6/route.c:2195\n ip6_pol_route+0x1cd/0x1150 net/ipv6/route.c:2231\n pol_lookup_func include/net/ip6_fib.h:616 [inline]\n fib6_rule_lookup+0x386/0x720 net/ipv6/fib6_rules.c:121\n ip6_route_output_flags_noref net/ipv6/route.c:2639 [inline]\n ip6_route_output_flags+0x1d0/0x640 net/ipv6/route.c:2651\n ip6_dst_lookup_tail.constprop.0+0x961/0x1760 net/ipv6/ip6_output.c:1147\n ip6_dst_lookup_flow+0x99/0x1d0 net/ipv6/ip6_output.c:1250\n rawv6_sendmsg+0xdab/0x4340 net/ipv6/raw.c:898\n inet_sendmsg+0x119/0x140 net/ipv4/af_inet.c:853\n 
sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_write_iter+0x4b8/0x5c0 net/socket.c:1160\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0x6b6/0x1140 fs/read_write.c:590\n ksys_write+0x1f8/0x260 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f(CVE-2024-40960)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedi: Fix crash while reading debugfs attribute\n\nThe qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly\non a __user pointer, which results into the crash.\n\nTo fix this issue, use a small local stack buffer for sprintf() and then\ncall simple_read_from_buffer(), which in turns make the copy_to_user()\ncall.\n\nBUG: unable to handle page fault for address: 00007f4801111000\nPGD 8000000864df6067 P4D 8000000864df6067 PUD 864df7067 PMD 846028067 PTE 0\nOops: 0002 [#1] PREEMPT SMP PTI\nHardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 06/15/2023\nRIP: 0010:memcpy_orig+0xcd/0x130\nRSP: 0018:ffffb7a18c3ffc40 EFLAGS: 00010202\nRAX: 00007f4801111000 RBX: 00007f4801111000 RCX: 000000000000000f\nRDX: 000000000000000f RSI: ffffffffc0bfd7a0 RDI: 00007f4801111000\nRBP: ffffffffc0bfd7a0 R08: 725f746f6e5f6f64 R09: 3d7265766f636572\nR10: ffffb7a18c3ffd08 R11: 0000000000000000 R12: 00007f4881110fff\nR13: 000000007fffffff R14: ffffb7a18c3ffca0 R15: ffffffffc0bfd7af\nFS: 00007f480118a740(0000) GS:ffff98e38af00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f4801111000 CR3: 0000000864b8e001 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x183/0x510\n ? exc_page_fault+0x69/0x150\n ? 
asm_exc_page_fault+0x22/0x30\n ? memcpy_orig+0xcd/0x130\n vsnprintf+0x102/0x4c0\n sprintf+0x51/0x80\n qedi_dbg_do_not_recover_cmd_read+0x2f/0x50 [qedi 6bcfdeeecdea037da47069eca2ba717c84a77324]\n full_proxy_read+0x50/0x80\n vfs_read+0xa5/0x2e0\n ? folio_add_new_anon_rmap+0x44/0xa0\n ? set_pte_at+0x15/0x30\n ? do_pte_missing+0x426/0x7f0\n ksys_read+0xa5/0xe0\n do_syscall_64+0x58/0x80\n ? __count_memcg_events+0x46/0x90\n ? count_memcg_event_mm+0x3d/0x60\n ? handle_mm_fault+0x196/0x2f0\n ? do_user_addr_fault+0x267/0x890\n ? exc_page_fault+0x69/0x150\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7f4800f20b4d(CVE-2024-40978)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: bypass empty buckets in batadv_purge_orig_ref()\n\nMany syzbot reports are pointing to soft lockups in\nbatadv_purge_orig_ref() [1]\n\nRoot cause is unknown, but we can avoid spending too much\ntime there and perhaps get more interesting reports.\n\n[1]\n\nwatchdog: BUG: soft lockup - CPU#0 stuck for 27s! 
[kworker/u4:6:621]\nModules linked in:\nirq event stamp: 6182794\n hardirqs last enabled at (6182793): [] __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386\n hardirqs last disabled at (6182794): [] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\n hardirqs last disabled at (6182794): [] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\n softirqs last enabled at (6182792): [] spin_unlock_bh include/linux/spinlock.h:396 [inline]\n softirqs last enabled at (6182792): [] batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287\n softirqs last disabled at (6182790): [] spin_lock_bh include/linux/spinlock.h:356 [inline]\n softirqs last disabled at (6182790): [] batadv_purge_orig_ref+0x164/0x1228 net/batman-adv/originator.c:1271\nCPU: 0 PID: 621 Comm: kworker/u4:6 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\nWorkqueue: bat_events batadv_purge_orig\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : should_resched arch/arm64/include/asm/preempt.h:79 [inline]\n pc : __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:388\n lr : __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386\nsp : ffff800099007970\nx29: ffff800099007980 x28: 1fffe00018fce1bd x27: dfff800000000000\nx26: ffff0000d2620008 x25: ffff0000c7e70de8 x24: 0000000000000001\nx23: 1fffe00018e57781 x22: dfff800000000000 x21: ffff80008aab71c4\nx20: ffff0001b40136c0 x19: ffff0000c72bbc08 x18: 1fffe0001a817bb0\nx17: ffff800125414000 x16: ffff80008032116c x15: 0000000000000001\nx14: 1fffe0001ee9d610 x13: 0000000000000000 x12: 0000000000000003\nx11: 0000000000000000 x10: 0000000000ff0100 x9 : 0000000000000000\nx8 : 00000000005e5789 x7 : ffff80008aab61dc x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000\nx2 : 0000000000000006 x1 : 0000000000000080 x0 : ffff800125414000\nCall trace:\n __daif_local_irq_enable 
arch/arm64/include/asm/irqflags.h:27 [inline]\n arch_local_irq_enable arch/arm64/include/asm/irqflags.h:49 [inline]\n __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:386\n __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]\n _raw_spin_unlock_bh+0x3c/0x4c kernel/locking/spinlock.c:210\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287\n batadv_purge_orig+0x20/0x70 net/batman-adv/originator.c:1300\n process_one_work+0x694/0x1204 kernel/workqueue.c:2633\n process_scheduled_works kernel/workqueue.c:2706 [inline]\n worker_thread+0x938/0xef4 kernel/workqueue.c:2787\n kthread+0x288/0x310 kernel/kthread.c:388\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860\nSending NMI from CPU 0 to CPUs 1:\nNMI backtrace for cpu 1\nCPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:51\n lr : default_idle_call+0xf8/0x128 kernel/sched/idle.c:103\nsp : ffff800093a17d30\nx29: ffff800093a17d30 x28: dfff800000000000 x27: 1ffff00012742fb4\nx26: ffff80008ec9d000 x25: 0000000000000000 x24: 0000000000000002\nx23: 1ffff00011d93a74 x22: ffff80008ec9d3a0 x21: 0000000000000000\nx20: ffff0000c19dbc00 x19: ffff8000802d0fd8 x18: 1fffe00036804396\nx17: ffff80008ec9d000 x16: ffff8000802d089c x15: 0000000000000001\n---truncated---(CVE-2024-40981)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: fix UBSAN warning in kv_dpm.c\n\nAdds bounds check for sumo_vid_mapping_entry.(CVE-2024-40988)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()\n\nsyzbot found hanging tasks waiting on rtnl_lock [1]\n\nA reproducer is available in the 
syzbot bug.\n\nWhen a request to add multiple actions with the same index is sent, the\nsecond request will block forever on the first request. This holds\nrtnl_lock, and causes tasks to hang.\n\nReturn -EAGAIN to prevent infinite looping, while keeping documented\nbehavior.\n\n[1]\n\nINFO: task kworker/1:0:5088 blocked for more than 143 seconds.\nNot tainted 6.9.0-rc4-syzkaller-00173-g3cdb45594619 #0\n\"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:kworker/1:0 state:D stack:23744 pid:5088 tgid:5088 ppid:2 flags:0x00004000\nWorkqueue: events_power_efficient reg_check_chans_work\nCall Trace:\n\ncontext_switch kernel/sched/core.c:5409 [inline]\n__schedule+0xf15/0x5d00 kernel/sched/core.c:6746\n__schedule_loop kernel/sched/core.c:6823 [inline]\nschedule+0xe7/0x350 kernel/sched/core.c:6838\nschedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6895\n__mutex_lock_common kernel/locking/mutex.c:684 [inline]\n__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752\nwiphy_lock include/net/cfg80211.h:5953 [inline]\nreg_leave_invalid_chans net/wireless/reg.c:2466 [inline]\nreg_check_chans_work+0x10a/0x10e0 net/wireless/reg.c:2481(CVE-2024-40995)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for kernel is now available for openEuler-20.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"kernel", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1944", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1944" + }, + { + "summary":"CVE-2021-47181", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-47181&packageName=kernel" + }, + { + "summary":"CVE-2021-47189", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-47189&packageName=kernel" + }, + { + "summary":"CVE-2021-47204", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-47204&packageName=kernel" + }, + { + "summary":"CVE-2021-47206", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-47206&packageName=kernel" + }, + { + "summary":"CVE-2022-48786", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48786&packageName=kernel" + }, + { + "summary":"CVE-2022-48794", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48794&packageName=kernel" + }, + { + "summary":"CVE-2022-48804", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48804&packageName=kernel" + }, + { + "summary":"CVE-2022-48822", + "category":"self", + 
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48822&packageName=kernel" + }, + { + "summary":"CVE-2022-48828", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48828&packageName=kernel" + }, + { + "summary":"CVE-2022-48836", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48836&packageName=kernel" + }, + { + "summary":"CVE-2022-48845", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48845&packageName=kernel" + }, + { + "summary":"CVE-2022-48851", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48851&packageName=kernel" + }, + { + "summary":"CVE-2022-48857", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48857&packageName=kernel" + }, + { + "summary":"CVE-2023-52679", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-52679&packageName=kernel" + }, + { + "summary":"CVE-2024-22386", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-22386&packageName=kernel" + }, + { + "summary":"CVE-2024-37078", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-37078&packageName=kernel" + }, + { + "summary":"CVE-2024-38567", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38567&packageName=kernel" + }, + { + "summary":"CVE-2024-38611", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38611&packageName=kernel" + }, + { + "summary":"CVE-2024-38627", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38627&packageName=kernel" + }, + { + "summary":"CVE-2024-39475", + "category":"self", + 
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39475&packageName=kernel" + }, + { + "summary":"CVE-2024-39484", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39484&packageName=kernel" + }, + { + "summary":"CVE-2024-39506", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39506&packageName=kernel" + }, + { + "summary":"CVE-2024-40942", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40942&packageName=kernel" + }, + { + "summary":"CVE-2024-40947", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40947&packageName=kernel" + }, + { + "summary":"CVE-2024-40960", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40960&packageName=kernel" + }, + { + "summary":"CVE-2024-40978", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40978&packageName=kernel" + }, + { + "summary":"CVE-2024-40981", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40981&packageName=kernel" + }, + { + "summary":"CVE-2024-40988", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40988&packageName=kernel" + }, + { + "summary":"CVE-2024-40995", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40995&packageName=kernel" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2021-47181" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2021-47189" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2021-47204" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2021-47206" + 
}, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48786" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48794" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48804" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48822" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48828" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48836" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48845" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48851" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48857" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52679" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22386" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37078" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38567" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38611" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38627" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39475" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39484" + }, + { + "summary":"nvd cve", + 
"category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39506" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40942" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40947" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40960" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40978" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40981" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40988" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40995" + }, + { + "summary":"openEuler-SA-2024-1944 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1944.json" + } + ], + "title":"An update for kernel is now available for openEuler-20.03-LTS-SP4", + "tracking":{ + "initial_release_date":"2024-08-02T19:42:27+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:42:27+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:31:27+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:31:27+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:31:27+08:00", + "id":"openEuler-SA-2024-1944", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"openEuler-20.03-LTS-SP4", + 
"name":"openEuler-20.03-LTS-SP4" + }, + "name":"openEuler-20.03-LTS-SP4", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "name":"kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm" + }, + "name":"kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "name":"bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm" + }, + "name":"bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "name":"kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm" + }, + "name":"kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "name":"python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm" + }, + "name":"python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "name":"kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm" + }, + 
"name":"kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "name":"python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm" + }, + "name":"python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "name":"kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm" + }, + "name":"kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "name":"kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm" + }, + "name":"kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "name":"perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm" + }, + "name":"perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "name":"python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm" + }, + "name":"python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + 
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "name":"python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm" + }, + "name":"python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "name":"kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm" + }, + "name":"kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "name":"bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm" + }, + "name":"bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "name":"kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm" + }, + "name":"kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "name":"perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm" + }, + "name":"perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + 
"name":"kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm" + }, + "name":"kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-4.19.90-2408.1.0.0288.oe2003sp4.src.rpm", + "name":"kernel-4.19.90-2408.1.0.0288.oe2003sp4.src.rpm" + }, + "name":"kernel-4.19.90-2408.1.0.0288.oe2003sp4.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "name":"kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm" + }, + "name":"kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "name":"bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm" + }, + "name":"bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "name":"kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm" + }, + "name":"kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + 
"name":"python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm" + }, + "name":"python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "name":"kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm" + }, + "name":"kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "name":"kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm" + }, + "name":"kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "name":"perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm" + }, + "name":"perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "name":"perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm" + }, + "name":"perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "name":"kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm" + }, + "name":"kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + 
"product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "name":"bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm" + }, + "name":"bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "name":"kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm" + }, + "name":"kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "name":"kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm" + }, + "name":"kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "name":"kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm" + }, + "name":"kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "name":"python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm" + }, + "name":"python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + 
"product_id":"python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "name":"python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm" + }, + "name":"python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" + }, + "product_id":"python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "name":"python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm" + }, + "name":"python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "name":"kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "name":"bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "name":"kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + 
"category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "name":"python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "name":"kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "name":"python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "name":"kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "name":"kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "name":"perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "name":"python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "name":"python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "name":"kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + 
"product_reference":"bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "name":"bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "name":"kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "name":"perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "name":"kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-4.19.90-2408.1.0.0288.oe2003sp4.src.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "name":"kernel-4.19.90-2408.1.0.0288.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "name":"kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "name":"bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "name":"kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "name":"python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "name":"kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64 as a 
component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "name":"kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "name":"perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "name":"perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "name":"kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"name":"bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "name":"kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "name":"kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "name":"kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "name":"python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + 
"product_reference":"python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "name":"python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-20.03-LTS-SP4", + "product_reference":"python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "name":"python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2021-47181", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: musb: tusb6010: check return value after calling platform_get_resource()\n\nIt will cause null-ptr-deref if platform_get_resource() returns NULL,\nwe need check the return value.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2021-47181" + }, + { + "cve":"CVE-2021-47189", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix memory ordering between normal and ordered work functions\n\nOrdered work functions aren't guaranteed to be handled by the same thread\nwhich executed the normal work functions. The only way execution between\nnormal/ordered functions is synchronized is via the WORK_DONE_BIT,\nunfortunately the used bitops don't guarantee any ordering whatsoever.\n\nThis manifested as seemingly inexplicable crashes on ARM64, where\nasync_chunk::inode is seen as non-null in async_cow_submit which causes\nsubmit_compressed_extents to be called and crash occurs because\nasync_chunk::inode suddenly became NULL. The call trace was similar to:\n\n pc : submit_compressed_extents+0x38/0x3d0\n lr : async_cow_submit+0x50/0xd0\n sp : ffff800015d4bc20\n\n \n\n Call trace:\n submit_compressed_extents+0x38/0x3d0\n async_cow_submit+0x50/0xd0\n run_ordered_work+0xc8/0x280\n btrfs_work_helper+0x98/0x250\n process_one_work+0x1f0/0x4ac\n worker_thread+0x188/0x504\n kthread+0x110/0x114\n ret_from_fork+0x10/0x18\n\nFix this by adding respective barrier calls which ensure that all\naccesses preceding setting of WORK_DONE_BIT are strictly ordered before\nsetting the flag. At the same time add a read barrier after reading of\nWORK_DONE_BIT in run_ordered_work which ensures all subsequent loads\nwould be strictly ordered after reading the bit. 
This in turn ensures\nare all accesses before WORK_DONE_BIT are going to be strictly ordered\nbefore any access that can occur in ordered_func.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + 
"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2021-47189" + }, + { + "cve":"CVE-2021-47204", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dpaa2-eth: fix use-after-free in dpaa2_eth_remove\n\nAccess to netdev after free_netdev() will cause use-after-free bug.\nMove debug log before free_netdev() call to avoid it.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2021-47204" + }, + { + "cve":"CVE-2021-47206", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: host: ohci-tmio: check return value after calling platform_get_resource()\n\nIt will cause null-ptr-deref if platform_get_resource() returns NULL,\nwe need check the return value.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.9, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2021-47206" + }, + { + "cve":"CVE-2022-48786", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: remove vsock from connected 
table when connect is interrupted by a signal\n\nvsock_connect() expects that the socket could already be in the\nTCP_ESTABLISHED state when the connecting task wakes up with a signal\npending. If this happens the socket will be in the connected table, and\nit is not removed when the socket state is reset. In this situation it's\ncommon for the process to retry connect(), and if the connection is\nsuccessful the socket will be added to the connected table a second\ntime, corrupting the list.\n\nPrevent this by calling vsock_remove_connected() if a signal is received\nwhile waiting for a connection. This is harmless if the socket is not in\nthe connected table, and if it is in the table then removing it will\nprevent list corruption from a double add.\n\nNote for backporting: this patch requires d5afa82c977e (\"vsock: correct\nremoval of socket from the list\"), which is in all current stable trees\nexcept 4.9.y.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":6.1, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2022-48786" + }, + { + "cve":"CVE-2022-48794", + "notes":[ + { + "text":"In the Linux kernel, 
the following vulnerability has been resolved:\n\nnet: ieee802154: at86rf230: Stop leaking skb's\n\nUpon error the ieee802154_xmit_complete() helper is not called. Only\nieee802154_wake_queue() is called manually. In the Tx case we then leak\nthe skb structure.\n\nFree the skb structure upon error before returning when appropriate.\n\nAs the 'is_tx = 0' cannot be moved in the complete handler because of a\npossible race between the delay in switching to STATE_RX_AACK_ON and a\nnew interrupt, we introduce an intermediate 'was_tx' boolean just for\nthis purpose.\n\nThere is no Fixes tag applying here, many changes have been made on this\narea and the issue kind of always existed.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.3, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2022-48794" + }, + { + "cve":"CVE-2022-48804", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nvt_ioctl: fix array_index_nospec in vt_setactivate\n\narray_index_nospec ensures that an out-of-bounds value is set to zero\non the transient path. 
Decreasing the value by one afterwards causes\na transient integer underflow. vsa.console should be decreased first\nand then sanitized with array_index_nospec.\n\nKasper Acknowledgements: Jakob Koschel, Brian Johannesmeyer, Kaveh\nRazavi, Herbert Bos, Cristiano Giuffrida from the VUSec group at VU\nAmsterdam.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.7, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2022-48804" + }, + { + "cve":"CVE-2022-48822", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: f_fs: Fix use-after-free for epfile\n\nConsider a case where ffs_func_eps_disable is called from\nffs_func_disable as part of composition switch and at the\nsame time ffs_epfile_release get called from userspace.\nffs_epfile_release will free up the read buffer and call\nffs_data_closed which in turn destroys ffs->epfiles and\nmark it as NULL. While this was happening the driver has\nalready initialized the local epfile in ffs_func_eps_disable\nwhich is now freed and waiting to acquire the spinlock. 
Once\nspinlock is acquired the driver proceeds with the stale value\nof epfile and tries to free the already freed read buffer\ncausing use-after-free.\n\nFollowing is the illustration of the race:\n\n CPU1 CPU2\n\n ffs_func_eps_disable\n epfiles (local copy)\n\t\t\t\t\tffs_epfile_release\n\t\t\t\t\tffs_data_closed\n\t\t\t\t\tif (last file closed)\n\t\t\t\t\tffs_data_reset\n\t\t\t\t\tffs_data_clear\n\t\t\t\t\tffs_epfiles_destroy\nspin_lock\ndereference epfiles\n\nFix this races by taking epfiles local copy & assigning it under\nspinlock and if epfiles(local) is null then update it in ffs->epfiles\nthen finally destroy it.\nExtending the scope further from the race, protecting the ep related\nstructures, and concurrent accesses.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.9, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2022-48822" + }, + { + "cve":"CVE-2022-48828", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Fix ia_size underflow\n\niattr::ia_size is a loff_t, which is a signed 64-bit type. 
NFSv3 and\nNFSv4 both define file size as an unsigned 64-bit type. Thus there\nis a range of valid file size values an NFS client can send that is\nalready larger than Linux can handle.\n\nCurrently decode_fattr4() dumps a full u64 value into ia_size. If\nthat value happens to be larger than S64_MAX, then ia_size\nunderflows. I'm about to fix up the NFSv3 behavior as well, so let's\ncatch the underflow in the common code path: nfsd_setattr().", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + 
"openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + 
"openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2022-48828" + }, + { + "cve":"CVE-2022-48836", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:Input: aiptek - properly check endpoint typeSyzbot reported warning in usb_submit_urb() which is caused by wrongendpoint type. 
There was a check for the number of endpoints, but notfor the type of endpoint.Fix it by replacing old desc.bNumEndpoints check withusb_find_common_endpoints() helper for finding endpointsFail log:usb 5-1: BOGUS urb xfer, pipe 1 != type 3WARNING: CPU: 2 PID: 48 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502Modules linked in:CPU: 2 PID: 48 Comm: kworker/2:2 Not tainted 5.17.0-rc6-syzkaller-00226-g07ebd38a0da2 #0Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014Workqueue: usb_hub_wq hub_event...Call Trace: aiptek_open+0xd5/0x130 drivers/input/tablet/aiptek.c:830 input_open_device+0x1bb/0x320 drivers/input/input.c:629 kbd_connect+0xfe/0x160 drivers/tty/vt/keyboard.c:1593", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2022-48836" + }, + { + "cve":"CVE-2022-48845", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:MIPS: smp: fill in sibling and core maps earlierAfter enabling CONFIG_SCHED_CORE (landed during 5.14 
cycle),2-core 2-thread-per-core interAptiv (CPS-driven) started emittingthe following:[ 0.025698] CPU1 revision is: 0001a120 (MIPS interAptiv (multi))[ 0.048183] ------------[ cut here ]------------[ 0.048187] WARNING: CPU: 1 PID: 0 at kernel/sched/core.c:6025 sched_core_cpu_starting+0x198/0x240[ 0.048220] Modules linked in:[ 0.048233] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.17.0-rc3+ #35 b7b319f24073fd9a3c2aa7ad15fb7993eec0b26f[ 0.048247] Stack : 817f0000 00000004 327804c8 810eb050 00000000 00000004 00000000 c314fdd1[ 0.048278] 830cbd64 819c0000 81800000 817f0000 83070bf4 00000001 830cbd08 00000000[ 0.048307] 00000000 00000000 815fcbc4 00000000 00000000 00000000 00000000 00000000[ 0.048334] 00000000 00000000 00000000 00000000 817f0000 00000000 00000000 817f6f34[ 0.048361] 817f0000 818a3c00 817f0000 00000004 00000000 00000000 4dc33260 0018c933[ 0.048389] ...[ 0.048396] Call Trace:[ 0.048399] [<8105a7bc>] show_stack+0x3c/0x140[ 0.048424] [<8131c2a0>] dump_stack_lvl+0x60/0x80[ 0.048440] [<8108b5c0>] __warn+0xc0/0xf4[ 0.048454] [<8108b658>] warn_slowpath_fmt+0x64/0x10c[ 0.048467] [<810bd418>] sched_core_cpu_starting+0x198/0x240[ 0.048483] [<810c6514>] sched_cpu_starting+0x14/0x80[ 0.048497] [<8108c0f8>] cpuhp_invoke_callback_range+0x78/0x140[ 0.048510] [<8108d914>] notify_cpu_starting+0x94/0x140[ 0.048523] [<8106593c>] start_secondary+0xbc/0x280[ 0.048539][ 0.048543] ---[ end trace 0000000000000000 ]---[ 0.048636] Synchronize counters for CPU 1: done....for each but CPU 0/boot.Basic debug printks right before the mentioned line say:[ 0.048170] CPU: 1, smt_mask:So smt_mask, which is sibling mask obviously, is empty when enteringthe function.This is critical, as sched_core_cpu_starting() calculatescore-scheduling parameters only once per CPU start, and it s crucialto have all the parameters filled in at that moment (at least ituses cpu_smt_mask() which in fact is `&cpu_sibling_map[cpu]` onMIPS).A bit of debugging led me to that set_cpu_sibling_map() performingthe 
actual map calculation, was being invocated afternotify_cpu_start(), and exactly the latter function starts CPU HPcallback round (sched_core_cpu_starting() is basically a CPU HPcallback).While the flow is same on ARM64 (maps after the notifier, althoughbefore calling set_cpu_online()), x86 started calculating siblingmaps earlier than starting the CPU HP callbacks in Linux 4.14 (see[0] for the reference). Neither me nor my brief tests couldn t findany potential caveats in calculating the maps right after performingdelay calibration, but the WARN splat is now gone.The very same debug prints now yield exactly what I expected fromthem:[ 0.048433] CPU: 1, smt_mask: 0-1[0] https://git.kernel.org/pub/scm/linux/kernel/git/mips/linux.git/commit/?id=76ce7cfe35ef", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2022-48845" + }, + { + "cve":"CVE-2022-48851", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:staging: gdm724x: fix use after free in gdm_lte_rx()The netif_rx_ni() function frees the skb so we can t 
dereference it tosave the skb->len.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.8, + 
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"High", + "category":"impact" + } + ], + "title":"CVE-2022-48851" + }, + { + "cve":"CVE-2022-48857", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:NFC: port100: fix use-after-free in port100_send_completeSyzbot reported UAF in port100_send_complete(). The root case is inmissing usb_kill_urb() calls on error handling path of ->probe function.port100_send_complete() accesses devm allocated memory which will befreed on probe failure. 
We should kill this urbs before returning anerror from probe function to prevent reported use-after-freeFail log:BUG: KASAN: use-after-free in port100_send_complete+0x16e/0x1a0 drivers/nfc/port100.c:935Read of size 1 at addr ffff88801bb59540 by task ksoftirqd/2/26...Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_address_description.constprop.0.cold+0x8d/0x303 mm/kasan/report.c:255 __kasan_report mm/kasan/report.c:442 [inline] kasan_report.cold+0x83/0xdf mm/kasan/report.c:459 port100_send_complete+0x16e/0x1a0 drivers/nfc/port100.c:935 __usb_hcd_giveback_urb+0x2b0/0x5c0 drivers/usb/core/hcd.c:1670...Allocated by task 1255: kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38 kasan_set_track mm/kasan/common.c:45 [inline] set_alloc_info mm/kasan/common.c:436 [inline] ____kasan_kmalloc mm/kasan/common.c:515 [inline] ____kasan_kmalloc mm/kasan/common.c:474 [inline] __kasan_kmalloc+0xa6/0xd0 mm/kasan/common.c:524 alloc_dr drivers/base/devres.c:116 [inline] devm_kmalloc+0x96/0x1d0 drivers/base/devres.c:823 devm_kzalloc include/linux/device.h:209 [inline] port100_probe+0x8a/0x1320 drivers/nfc/port100.c:1502Freed by task 1255: kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38 kasan_set_track+0x21/0x30 mm/kasan/common.c:45 kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:370 ____kasan_slab_free mm/kasan/common.c:366 [inline] ____kasan_slab_free+0xff/0x140 mm/kasan/common.c:328 kasan_slab_free include/linux/kasan.h:236 [inline] __cache_free mm/slab.c:3437 [inline] kfree+0xf8/0x2b0 mm/slab.c:3794 release_nodes+0x112/0x1a0 drivers/base/devres.c:501 devres_release_all+0x114/0x190 drivers/base/devres.c:530 really_probe+0x626/0xcc0 drivers/base/dd.c:670", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2022-48857" + }, + { + "cve":"CVE-2023-52679", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nof: Fix double free in of_parse_phandle_with_args_map\n\nIn of_parse_phandle_with_args_map() the inner loop that\niterates through the map entries calls of_node_put(new)\nto free the reference acquired by the previous iteration\nof the inner loop. 
This assumes that the value of \"new\" is\nNULL on the first iteration of the inner loop.\n\nMake sure that this is true in all iterations of the outer\nloop by setting \"new\" to NULL after its value is assigned to \"cur\".\n\nExtend the unittest to detect the double free and add an additional\ntest case that actually triggers this path.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2023-52679" + }, + { + "cve":"CVE-2024-22386", + "notes":[ + { + "text":"A race condition was found in the Linux kernel's drm/exynos device driver in exynos_drm_crtc_atomic_disable() function. 
This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\n\n\n", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ 
+ { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.7, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-22386" + }, + { + "cve":"CVE-2024-37078", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential kernel bug due to lack of writeback flag waiting\n\nDestructive writes to a block device on which nilfs2 is mounted can cause\na kernel bug in the folio/page writeback start routine or writeback end\nroutine (__folio_start_writeback in the log below):\n\n kernel BUG at mm/page-writeback.c:3070!\n Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\n ...\n RIP: 0010:__folio_start_writeback+0xbaa/0x10e0\n Code: 25 ff 0f 00 00 0f 84 18 01 00 00 e8 40 ca c6 ff e9 17 f6 ff ff\n e8 36 ca c6 ff 4c 89 f7 48 c7 c6 80 c0 12 84 e8 e7 b3 0f 00 90 <0f>\n 0b e8 1f ca c6 ff 4c 89 f7 48 c7 c6 a0 c6 12 84 e8 d0 b3 0f 00\n ...\n Call Trace:\n \n nilfs_segctor_do_construct+0x4654/0x69d0 [nilfs2]\n nilfs_segctor_construct+0x181/0x6b0 [nilfs2]\n nilfs_segctor_thread+0x548/0x11c0 [nilfs2]\n kthread+0x2f0/0x390\n 
ret_from_fork+0x4b/0x80\n ret_from_fork_asm+0x1a/0x30\n \n\nThis is because when the log writer starts a writeback for segment summary\nblocks or a super root block that use the backing device's page cache, it\ndoes not wait for the ongoing folio/page writeback, resulting in an\ninconsistent writeback state.\n\nFix this issue by waiting for ongoing writebacks when putting\nfolios/pages on the backing device into writeback state.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + 
"openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.9, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + 
"openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-37078" + }, + { + "cve":"CVE-2024-38567", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: carl9170: add a proper sanity check for endpoints\n\nSyzkaller reports [1] hitting a warning which is caused by presence\nof a wrong endpoint type at the URB sumbitting stage. 
While there\nwas a check for a specific 4th endpoint, since it can switch types\nbetween bulk and interrupt, other endpoints are trusted implicitly.\nSimilar warning is triggered in a couple of other syzbot issues [2].\n\nFix the issue by doing a comprehensive check of all endpoints\ntaking into account difference between high- and full-speed\nconfiguration.\n\n[1] Syzkaller report:\n...\nWARNING: CPU: 0 PID: 4721 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\n...\nCall Trace:\n \n carl9170_usb_send_rx_irq_urb+0x273/0x340 drivers/net/wireless/ath/carl9170/usb.c:504\n carl9170_usb_init_device drivers/net/wireless/ath/carl9170/usb.c:939 [inline]\n carl9170_usb_firmware_finish drivers/net/wireless/ath/carl9170/usb.c:999 [inline]\n carl9170_usb_firmware_step2+0x175/0x240 drivers/net/wireless/ath/carl9170/usb.c:1028\n request_firmware_work_func+0x130/0x240 drivers/base/firmware_loader/main.c:1107\n process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289\n worker_thread+0x669/0x1090 kernel/workqueue.c:2436\n kthread+0x2e8/0x3a0 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308\n \n\n[2] Related syzkaller crashes:", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-38567" + }, + { + "cve":"CVE-2024-38611", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: et8ek8: Don't strip remove function when driver is builtin\n\nUsing __exit for the remove function results in the remove callback\nbeing discarded with CONFIG_VIDEO_ET8EK8=y. When such a device gets\nunbound (e.g. using sysfs or hotplug), the driver is just removed\nwithout the cleanup being performed. This results in resource leaks. Fix\nit by compiling in the remove callback unconditionally.\n\nThis also fixes a W=1 modpost warning:\n\n\tWARNING: modpost: drivers/media/i2c/et8ek8/et8ek8: section mismatch in reference: et8ek8_i2c_driver+0x10 (section: .data) -> et8ek8_remove (section: .exit.text)", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.4, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-38611" + }, + { + "cve":"CVE-2024-38627", + "notes":[ + { + "text":"In the Linux kernel, 
the following vulnerability has been resolved:\n\nstm class: Fix a double free in stm_register_device()\n\nThe put_device(&stm->dev) call will trigger stm_device_release() which\nfrees \"stm\" so the vfree(stm) on the next line is a double free.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + 
"details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-38627" + }, + { + "cve":"CVE-2024-39475", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:fbdev: savage: Handle err return when savagefb_check_var failedThe commit 04e5eac8f3ab( fbdev: savage: Error out if pixclock equals zero )checks the value of pixclock to avoid divide-by-zero error. Howeverthe function savagefb_probe doesn t handle the error return ofsavagefb_check_var. 
When pixclock is 0, it will cause divide-by-zero error.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + 
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39475" + }, + { + "cve":"CVE-2024-39484", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:mmc: davinci: Don t strip remove function when driver is builtinUsing __exit for the remove function results in the remove callback beingdiscarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound (e.g.using sysfs or hotplug), the driver is just removed without the cleanupbeing performed. This results in resource leaks. 
Fix it by compiling in theremove callback unconditionally.This also fixes a W=1 modpost warning:WARNING: modpost: drivers/mmc/host/davinci_mmc: section mismatch inreference: davinci_mmcsd_driver+0x10 (section: .data) ->davinci_mmcsd_remove (section: .exit.text)", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + 
"details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39484" + }, + { + "cve":"CVE-2024-39506", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nliquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet\n\nIn lio_vf_rep_copy_packet() pg_info->page is compared to a NULL value,\nbut then it is unconditionally passed to skb_add_rx_frag() which looks\nstrange and could lead to null pointer dereference.\n\nlio_vf_rep_copy_packet() call trace looks like:\n\tocteon_droq_process_packets\n\t octeon_droq_fast_process_packets\n\t octeon_droq_dispatch_pkt\n\t octeon_create_recv_info\n\t ...search in the dispatch_list...\n\t ->disp_fn(rdisp->rinfo, ...)\n\t lio_vf_rep_pkt_recv(struct octeon_recv_info *recv_info, ...)\nIn this 
path there is no code which sets pg_info->page to NULL.\nSo this check looks unneeded and doesn't solve potential problem.\nBut I guess the author had reason to add a check and I have no such card\nand can't do real test.\nIn addition, the code in the function liquidio_push_packet() in\nliquidio/lio_core.c does exactly the same.\n\nBased on this, I consider the most acceptable compromise solution to\nadjust this issue by moving skb_add_rx_frag() into conditional scope.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", 
+ "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-39506" + }, + { + "cve":"CVE-2024-40942", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: mesh: Fix leak of mesh_preq_queue objects\n\nThe hwmp code use objects of type mesh_preq_queue, added to a list in\nieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath\ngets deleted, ex mesh interface is removed, the entries in that list will\nnever get cleaned. 
Fix this by flushing all corresponding items of the\npreq_queue in mesh_path_flush_pending().\n\nThis should take care of KASAN reports like this:\n\nunreferenced object 0xffff00000668d800 (size 128):\n comm \"kworker/u8:4\", pid 67, jiffies 4295419552 (age 1836.444s)\n hex dump (first 32 bytes):\n 00 1f 05 09 00 00 ff ff 00 d5 68 06 00 00 ff ff ..........h.....\n 8e 97 ea eb 3e b8 01 00 00 00 00 00 00 00 00 00 ....>...........\n backtrace:\n [<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c\n [<00000000049bd418>] kmalloc_trace+0x34/0x80\n [<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8\n [<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c\n [<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4\n [<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764\n [<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4\n [<000000004c86e916>] dev_hard_start_xmit+0x174/0x440\n [<0000000023495647>] __dev_queue_xmit+0xe24/0x111c\n [<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4\n [<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508\n [<00000000adc3cd94>] process_one_work+0x4b8/0xa1c\n [<00000000b36425d1>] worker_thread+0x9c/0x634\n [<0000000005852dd5>] kthread+0x1bc/0x1c4\n [<000000005fccd770>] ret_from_fork+0x10/0x20\nunreferenced object 0xffff000009051f00 (size 128):\n comm \"kworker/u8:4\", pid 67, jiffies 4295419553 (age 1836.440s)\n hex dump (first 32 bytes):\n 90 d6 92 0d 00 00 ff ff 00 d8 68 06 00 00 ff ff ..........h.....\n 36 27 92 e4 02 e0 01 00 00 58 79 06 00 00 ff ff 6'.......Xy.....\n backtrace:\n [<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c\n [<00000000049bd418>] kmalloc_trace+0x34/0x80\n [<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8\n [<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c\n [<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4\n [<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764\n [<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4\n [<000000004c86e916>] dev_hard_start_xmit+0x174/0x440\n 
[<0000000023495647>] __dev_queue_xmit+0xe24/0x111c\n [<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4\n [<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508\n [<00000000adc3cd94>] process_one_work+0x4b8/0xa1c\n [<00000000b36425d1>] worker_thread+0x9c/0x634\n [<0000000005852dd5>] kthread+0x1bc/0x1c4\n [<000000005fccd770>] ret_from_fork+0x10/0x20", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.9, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-40942" + }, + { + "cve":"CVE-2024-40947", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nima: Avoid blocking in RCU read-side critical section\n\nA panic happens in ima_match_policy:\n\nBUG: unable to handle kernel NULL pointer dereference at 0000000000000010\nPGD 42f873067 P4D 0\nOops: 0000 [#1] SMP NOPTI\nCPU: 5 PID: 1286325 Comm: kubeletmonit.sh\nKdump: loaded Tainted: P\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\n BIOS 0.0.0 02/06/2015\nRIP: 0010:ima_match_policy+0x84/0x450\nCode: 49 89 fc 41 89 cf 31 ed 89 44 24 14 eb 1c 44 39\n 7b 18 74 26 41 83 ff 05 74 20 48 8b 1b 48 3b 1d\n f2 
b9 f4 00 0f 84 9c 01 00 00 <44> 85 73 10 74 ea\n 44 8b 6b 14 41 f6 c5 01 75 d4 41 f6 c5 02 74 0f\nRSP: 0018:ff71570009e07a80 EFLAGS: 00010207\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000200\nRDX: ffffffffad8dc7c0 RSI: 0000000024924925 RDI: ff3e27850dea2000\nRBP: 0000000000000000 R08: 0000000000000000 R09: ffffffffabfce739\nR10: ff3e27810cc42400 R11: 0000000000000000 R12: ff3e2781825ef970\nR13: 00000000ff3e2785 R14: 000000000000000c R15: 0000000000000001\nFS: 00007f5195b51740(0000)\nGS:ff3e278b12d40000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000010 CR3: 0000000626d24002 CR4: 0000000000361ee0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n ima_get_action+0x22/0x30\n process_measurement+0xb0/0x830\n ? page_add_file_rmap+0x15/0x170\n ? alloc_set_pte+0x269/0x4c0\n ? prep_new_page+0x81/0x140\n ? simple_xattr_get+0x75/0xa0\n ? selinux_file_open+0x9d/0xf0\n ima_file_check+0x64/0x90\n path_openat+0x571/0x1720\n do_filp_open+0x9b/0x110\n ? page_counter_try_charge+0x57/0xc0\n ? files_cgroup_alloc_fd+0x38/0x60\n ? __alloc_fd+0xd4/0x250\n ? 
do_sys_open+0x1bd/0x250\n do_sys_open+0x1bd/0x250\n do_syscall_64+0x5d/0x1d0\n entry_SYSCALL_64_after_hwframe+0x65/0xca\n\nCommit c7423dbdbc9e (\"ima: Handle -ESTALE returned by\nima_filter_rule_match()\") introduced call to ima_lsm_copy_rule within a\nRCU read-side critical section which contains kmalloc with GFP_KERNEL.\nThis implies a possible sleep and violates limitations of RCU read-side\ncritical sections on non-PREEMPT systems.\n\nSleeping within RCU read-side critical section might cause\nsynchronize_rcu() returning early and break RCU protection, allowing a\nUAF to happen.\n\nThe root cause of this issue could be described as follows:\n|\tThread A\t|\tThread B\t|\n|\t\t\t|ima_match_policy\t|\n|\t\t\t| rcu_read_lock\t|\n|ima_lsm_update_rule\t|\t\t\t|\n| synchronize_rcu\t|\t\t\t|\n|\t\t\t| kmalloc(GFP_KERNEL)|\n|\t\t\t| sleep\t\t|\n==> synchronize_rcu returns early\n| kfree(entry)\t\t|\t\t\t|\n|\t\t\t| entry = entry->next|\n==> UAF happens and entry now becomes NULL (or could be anything).\n|\t\t\t| entry->action\t|\n==> Accessing entry might cause panic.\n\nTo fix this issue, we are converting all kmalloc that is called within\nRCU read-side critical section to use GFP_ATOMIC.\n\n[PM: fixed missing comment, long lines, !CONFIG_IMA_LSM_RULES case]", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"LOW", + "baseScore":3.9, + "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Low", + "category":"impact" + } + ], + "title":"CVE-2024-40947" + }, + { + "cve":"CVE-2024-40960", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent possible NULL dereference in rt6_probe()\n\nsyzbot caught a NULL dereference in rt6_probe() [1]\n\nBail out if __in6_dev_get() returns NULL.\n\n[1]\nOops: general protection fault, probably for non-canonical address 0xdffffc00000000cb: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000658-0x000000000000065f]\nCPU: 1 PID: 22444 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00383-gb8481381d4e2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\n RIP: 0010:rt6_probe net/ipv6/route.c:656 [inline]\n RIP: 0010:find_match+0x8c4/0xf50 net/ipv6/route.c:758\nCode: 14 fd f7 48 8b 85 38 ff ff ff 48 c7 45 b0 00 00 00 00 48 8d b8 5c 06 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 19\nRSP: 0018:ffffc900034af070 EFLAGS: 00010203\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90004521000\nRDX: 00000000000000cb RSI: ffffffff8990d0cd RDI: 000000000000065c\nRBP: ffffc900034af150 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000002 R12: 000000000000000a\nR13: 1ffff92000695e18 R14: ffff8880244a1d20 R15: 0000000000000000\nFS: 00007f4844a5a6c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b31b27000 CR3: 000000002d42c000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n 
rt6_nh_find_match+0xfa/0x1a0 net/ipv6/route.c:784\n nexthop_for_each_fib6_nh+0x26d/0x4a0 net/ipv4/nexthop.c:1496\n __find_rr_leaf+0x6e7/0xe00 net/ipv6/route.c:825\n find_rr_leaf net/ipv6/route.c:853 [inline]\n rt6_select net/ipv6/route.c:897 [inline]\n fib6_table_lookup+0x57e/0xa30 net/ipv6/route.c:2195\n ip6_pol_route+0x1cd/0x1150 net/ipv6/route.c:2231\n pol_lookup_func include/net/ip6_fib.h:616 [inline]\n fib6_rule_lookup+0x386/0x720 net/ipv6/fib6_rules.c:121\n ip6_route_output_flags_noref net/ipv6/route.c:2639 [inline]\n ip6_route_output_flags+0x1d0/0x640 net/ipv6/route.c:2651\n ip6_dst_lookup_tail.constprop.0+0x961/0x1760 net/ipv6/ip6_output.c:1147\n ip6_dst_lookup_flow+0x99/0x1d0 net/ipv6/ip6_output.c:1250\n rawv6_sendmsg+0xdab/0x4340 net/ipv6/raw.c:898\n inet_sendmsg+0x119/0x140 net/ipv4/af_inet.c:853\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_write_iter+0x4b8/0x5c0 net/socket.c:1160\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0x6b6/0x1140 fs/read_write.c:590\n ksys_write+0x1f8/0x260 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40960" + }, + { + "cve":"CVE-2024-40978", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedi: Fix crash while reading debugfs attribute\n\nThe qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly\non a __user pointer, which results into the crash.\n\nTo fix this issue, use a small local stack buffer for sprintf() and then\ncall simple_read_from_buffer(), which in turns make the copy_to_user()\ncall.\n\nBUG: unable to handle page fault for address: 00007f4801111000\nPGD 8000000864df6067 P4D 8000000864df6067 PUD 864df7067 PMD 846028067 PTE 0\nOops: 0002 [#1] PREEMPT SMP PTI\nHardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 06/15/2023\nRIP: 0010:memcpy_orig+0xcd/0x130\nRSP: 0018:ffffb7a18c3ffc40 EFLAGS: 00010202\nRAX: 00007f4801111000 RBX: 00007f4801111000 RCX: 000000000000000f\nRDX: 000000000000000f RSI: ffffffffc0bfd7a0 RDI: 00007f4801111000\nRBP: ffffffffc0bfd7a0 R08: 725f746f6e5f6f64 R09: 3d7265766f636572\nR10: ffffb7a18c3ffd08 R11: 0000000000000000 R12: 00007f4881110fff\nR13: 000000007fffffff R14: ffffb7a18c3ffca0 R15: ffffffffc0bfd7af\nFS: 00007f480118a740(0000) GS:ffff98e38af00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f4801111000 CR3: 0000000864b8e001 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x183/0x510\n ? exc_page_fault+0x69/0x150\n ? asm_exc_page_fault+0x22/0x30\n ? 
memcpy_orig+0xcd/0x130\n vsnprintf+0x102/0x4c0\n sprintf+0x51/0x80\n qedi_dbg_do_not_recover_cmd_read+0x2f/0x50 [qedi 6bcfdeeecdea037da47069eca2ba717c84a77324]\n full_proxy_read+0x50/0x80\n vfs_read+0xa5/0x2e0\n ? folio_add_new_anon_rmap+0x44/0xa0\n ? set_pte_at+0x15/0x30\n ? do_pte_missing+0x426/0x7f0\n ksys_read+0xa5/0xe0\n do_syscall_64+0x58/0x80\n ? __count_memcg_events+0x46/0x90\n ? count_memcg_event_mm+0x3d/0x60\n ? handle_mm_fault+0x196/0x2f0\n ? do_user_addr_fault+0x267/0x890\n ? exc_page_fault+0x69/0x150\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7f4800f20b4d", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.4, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40978" + }, + { + "cve":"CVE-2024-40981", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: bypass empty buckets in batadv_purge_orig_ref()\n\nMany syzbot reports are pointing to soft lockups in\nbatadv_purge_orig_ref() [1]\n\nRoot cause is unknown, but we can avoid spending too much\ntime there and perhaps get more interesting 
reports.\n\n[1]\n\nwatchdog: BUG: soft lockup - CPU#0 stuck for 27s! [kworker/u4:6:621]\nModules linked in:\nirq event stamp: 6182794\n hardirqs last enabled at (6182793): [] __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386\n hardirqs last disabled at (6182794): [] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\n hardirqs last disabled at (6182794): [] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\n softirqs last enabled at (6182792): [] spin_unlock_bh include/linux/spinlock.h:396 [inline]\n softirqs last enabled at (6182792): [] batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287\n softirqs last disabled at (6182790): [] spin_lock_bh include/linux/spinlock.h:356 [inline]\n softirqs last disabled at (6182790): [] batadv_purge_orig_ref+0x164/0x1228 net/batman-adv/originator.c:1271\nCPU: 0 PID: 621 Comm: kworker/u4:6 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\nWorkqueue: bat_events batadv_purge_orig\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : should_resched arch/arm64/include/asm/preempt.h:79 [inline]\n pc : __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:388\n lr : __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386\nsp : ffff800099007970\nx29: ffff800099007980 x28: 1fffe00018fce1bd x27: dfff800000000000\nx26: ffff0000d2620008 x25: ffff0000c7e70de8 x24: 0000000000000001\nx23: 1fffe00018e57781 x22: dfff800000000000 x21: ffff80008aab71c4\nx20: ffff0001b40136c0 x19: ffff0000c72bbc08 x18: 1fffe0001a817bb0\nx17: ffff800125414000 x16: ffff80008032116c x15: 0000000000000001\nx14: 1fffe0001ee9d610 x13: 0000000000000000 x12: 0000000000000003\nx11: 0000000000000000 x10: 0000000000ff0100 x9 : 0000000000000000\nx8 : 00000000005e5789 x7 : ffff80008aab61dc x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000\nx2 : 0000000000000006 x1 : 0000000000000080 x0 : 
ffff800125414000\nCall trace:\n __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:27 [inline]\n arch_local_irq_enable arch/arm64/include/asm/irqflags.h:49 [inline]\n __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:386\n __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]\n _raw_spin_unlock_bh+0x3c/0x4c kernel/locking/spinlock.c:210\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287\n batadv_purge_orig+0x20/0x70 net/batman-adv/originator.c:1300\n process_one_work+0x694/0x1204 kernel/workqueue.c:2633\n process_scheduled_works kernel/workqueue.c:2706 [inline]\n worker_thread+0x938/0xef4 kernel/workqueue.c:2787\n kthread+0x288/0x310 kernel/kthread.c:388\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860\nSending NMI from CPU 0 to CPUs 1:\nNMI backtrace for cpu 1\nCPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:51\n lr : default_idle_call+0xf8/0x128 kernel/sched/idle.c:103\nsp : ffff800093a17d30\nx29: ffff800093a17d30 x28: dfff800000000000 x27: 1ffff00012742fb4\nx26: ffff80008ec9d000 x25: 0000000000000000 x24: 0000000000000002\nx23: 1ffff00011d93a74 x22: ffff80008ec9d3a0 x21: 0000000000000000\nx20: ffff0000c19dbc00 x19: ffff8000802d0fd8 x18: 1fffe00036804396\nx17: ffff80008ec9d000 x16: ffff8000802d089c x15: 0000000000000001\n---truncated---", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + 
"openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40981" + }, + { + "cve":"CVE-2024-40988", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: fix UBSAN warning in kv_dpm.c\n\nAdds bounds check for sumo_vid_mapping_entry.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40988" + }, + { + "cve":"CVE-2024-40995", + "notes":[ + { + "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_api: fix 
possible infinite loop in tcf_idr_check_alloc()\n\nsyzbot found hanging tasks waiting on rtnl_lock [1]\n\nA reproducer is available in the syzbot bug.\n\nWhen a request to add multiple actions with the same index is sent, the\nsecond request will block forever on the first request. This holds\nrtnl_lock, and causes tasks to hang.\n\nReturn -EAGAIN to prevent infinite looping, while keeping documented\nbehavior.\n\n[1]\n\nINFO: task kworker/1:0:5088 blocked for more than 143 seconds.\nNot tainted 6.9.0-rc4-syzkaller-00173-g3cdb45594619 #0\n\"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:kworker/1:0 state:D stack:23744 pid:5088 tgid:5088 ppid:2 flags:0x00004000\nWorkqueue: events_power_efficient reg_check_chans_work\nCall Trace:\n\ncontext_switch kernel/sched/core.c:5409 [inline]\n__schedule+0xf15/0x5d00 kernel/sched/core.c:6746\n__schedule_loop kernel/sched/core.c:6823 [inline]\nschedule+0xe7/0x350 kernel/sched/core.c:6838\nschedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6895\n__mutex_lock_common kernel/locking/mutex.c:684 [inline]\n__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752\nwiphy_lock include/net/cfg80211.h:5953 [inline]\nreg_leave_invalid_chans net/wireless/reg.c:2466 [inline]\nreg_check_chans_work+0x10a/0x10e0 net/wireless/reg.c:2481", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ], + "details":"kernel security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":5.5, + "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + 
"openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.aarch64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.src", + "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + 
"openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2408.1.0.0288.oe2003sp4.x86_64", + "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2408.1.0.0288.oe2003sp4.x86_64" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-40995" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1945.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1945.json new file mode 100644 index 0000000..e8986ca --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1945.json 
@@ -0,0 +1,235 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"python-urllib3 security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for python-urllib3 is now available for openEuler-22.03-LTS-SP1.", + "category":"general", + "title":"Summary" + }, + { + "text":"Sanity-friendly HTTP client for Python\n\nSecurity Fix(es):\n\n urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. 
Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3's `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations.(CVE-2024-37891)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for python-urllib3 is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"python-urllib3", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1945", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1945" + }, + { + "summary":"CVE-2024-37891", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-37891&packageName=python-urllib3" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37891" + }, + { + "summary":"openEuler-SA-2024-1945 vex file", + "category":"self", + 
"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1945.json" + } + ], + "title":"An update for python-urllib3 is now available for openEuler-22.03-LTS-SP1", + "tracking":{ + "initial_release_date":"2024-08-02T19:42:28+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:42:28+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:31:28+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:31:28+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:31:28+08:00", + "id":"openEuler-SA-2024-1945", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"openEuler-22.03-LTS-SP1", + "name":"openEuler-22.03-LTS-SP1" + }, + "name":"openEuler-22.03-LTS-SP1", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"noarch", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"python3-urllib3-1.26.12-7.oe2203sp1.noarch.rpm", + "name":"python3-urllib3-1.26.12-7.oe2203sp1.noarch.rpm" + }, + "name":"python3-urllib3-1.26.12-7.oe2203sp1.noarch.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" + }, + "product_id":"python-urllib3-1.26.12-7.oe2203sp1.src.rpm", + "name":"python-urllib3-1.26.12-7.oe2203sp1.src.rpm" + }, + "name":"python-urllib3-1.26.12-7.oe2203sp1.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + 
"relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"python3-urllib3-1.26.12-7.oe2203sp1.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:python3-urllib3-1.26.12-7.oe2203sp1.noarch", + "name":"python3-urllib3-1.26.12-7.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP1", + "product_reference":"python-urllib3-1.26.12-7.oe2203sp1.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP1:python-urllib3-1.26.12-7.oe2203sp1.src", + "name":"python-urllib3-1.26.12-7.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-37891", + "notes":[ + { + "text":" urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. 
Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3's `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP1:python3-urllib3-1.26.12-7.oe2203sp1.noarch", + "openEuler-22.03-LTS-SP1:python-urllib3-1.26.12-7.oe2203sp1.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP1:python3-urllib3-1.26.12-7.oe2203sp1.noarch", + "openEuler-22.03-LTS-SP1:python-urllib3-1.26.12-7.oe2203sp1.src" + ], + "details":"python-urllib3 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1945" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.4, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP1:python3-urllib3-1.26.12-7.oe2203sp1.noarch", + "openEuler-22.03-LTS-SP1:python-urllib3-1.26.12-7.oe2203sp1.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-37891" + } + ] +} \ No 
newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1946.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1946.json new file mode 100644 index 0000000..01485f3 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1946.json 
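Review bot: In csaf-openEuler-SA-2024-1945.json the `distribution.tlp.url` value `https:/www.first.org/tlp/` has only one slash after the scheme, so it does not point at FIRST's TLP page; it should read `"url":"https://www.first.org/tlp/"`. A string of that shape can still parse as a URI, so schema validation alone will probably not catch it. The same value is visible in the csaf-openEuler-SA-2024-1946.json hunk that follows, and since `tracking.generator` names "openEuler CSAF Tool V1.0", the fix presumably belongs in that tool rather than in each file. Separately, both package entries under `product_tree` (`python3-urllib3-1.26.12-7.oe2203sp1.noarch.rpm` and `python-urllib3-1.26.12-7.oe2203sp1.src.rpm`) carry the OS-level `cpe:/a:openEuler:openEuler:22.03-LTS-SP1` as their `product_identification_helper`, which identifies the distribution rather than the package. Consumers that match on CPE may be unable to tell the package from the platform.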
@@ -0,0 +1,235 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"python-urllib3 security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for python-urllib3 is now available for openEuler-22.03-LTS-SP3.", + "category":"general", + "title":"Summary" + }, + { + "text":"Sanity-friendly HTTP client for Python\n\nSecurity Fix(es):\n\n urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. 
Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3's `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations.(CVE-2024-37891)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for python-urllib3 is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"python-urllib3", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1946", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1946" + }, + { + "summary":"CVE-2024-37891", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-37891&packageName=python-urllib3" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37891" + }, + { + "summary":"openEuler-SA-2024-1946 vex file", + "category":"self", + 
"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1946.json" + } + ], + "title":"An update for python-urllib3 is now available for openEuler-22.03-LTS-SP3", + "tracking":{ + "initial_release_date":"2024-08-02T19:42:29+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:42:29+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:31:29+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:31:29+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:31:29+08:00", + "id":"openEuler-SA-2024-1946", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"openEuler-22.03-LTS-SP3", + "name":"openEuler-22.03-LTS-SP3" + }, + "name":"openEuler-22.03-LTS-SP3", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"noarch", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"python3-urllib3-1.26.12-7.oe2203sp3.noarch.rpm", + "name":"python3-urllib3-1.26.12-7.oe2203sp3.noarch.rpm" + }, + "name":"python3-urllib3-1.26.12-7.oe2203sp3.noarch.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" + }, + "product_id":"python-urllib3-1.26.12-7.oe2203sp3.src.rpm", + "name":"python-urllib3-1.26.12-7.oe2203sp3.src.rpm" + }, + "name":"python-urllib3-1.26.12-7.oe2203sp3.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + 
"relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"python3-urllib3-1.26.12-7.oe2203sp3.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:python3-urllib3-1.26.12-7.oe2203sp3.noarch", + "name":"python3-urllib3-1.26.12-7.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-22.03-LTS-SP3", + "product_reference":"python-urllib3-1.26.12-7.oe2203sp3.src.rpm", + "full_product_name":{ + "product_id":"openEuler-22.03-LTS-SP3:python-urllib3-1.26.12-7.oe2203sp3.src", + "name":"python-urllib3-1.26.12-7.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-37891", + "notes":[ + { + "text":" urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. 
Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3's `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-22.03-LTS-SP3:python3-urllib3-1.26.12-7.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:python-urllib3-1.26.12-7.oe2203sp3.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-22.03-LTS-SP3:python3-urllib3-1.26.12-7.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:python-urllib3-1.26.12-7.oe2203sp3.src" + ], + "details":"python-urllib3 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1946" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.4, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-22.03-LTS-SP3:python3-urllib3-1.26.12-7.oe2203sp3.noarch", + "openEuler-22.03-LTS-SP3:python-urllib3-1.26.12-7.oe2203sp3.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-37891" + } + ] +} \ No 
newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1947.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1947.json new file mode 100644 index 0000000..aefb202 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1947.json 
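Review bot: The `distribution.tlp.url` value in csaf-openEuler-SA-2024-1946.json is `https:/www.first.org/tlp/`, with a single slash after the scheme, so the URL has no host part and a consumer that follows or validates the link will not reach the FIRST TLP page. It should read `"url":"https://www.first.org/tlp/"`. The same value appears in the SA-2024-1947, SA-2024-1948 and SA-2024-1949 files added below. That suggests the fix belongs in the generator (`openEuler CSAF Tool V1.0`) rather than in each file.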
@@ -0,0 +1,235 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Medium" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"python-urllib3 security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for python-urllib3 is now available for openEuler-24.03-LTS.", + "category":"general", + "title":"Summary" + }, + { + "text":"Sanity-friendly HTTP client for Python\n\nSecurity Fix(es):\n\n urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. 
Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3's `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations.(CVE-2024-37891)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for python-urllib3 is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Medium", + "category":"general", + "title":"Severity" + }, + { + "text":"python-urllib3", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1947", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1947" + }, + { + "summary":"CVE-2024-37891", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-37891&packageName=python-urllib3" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37891" + }, + { + "summary":"openEuler-SA-2024-1947 vex file", + "category":"self", + 
"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1947.json" + } + ], + "title":"An update for python-urllib3 is now available for openEuler-24.03-LTS", + "tracking":{ + "initial_release_date":"2024-08-02T19:42:30+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:42:30+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:31:30+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:31:30+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:31:30+08:00", + "id":"openEuler-SA-2024-1947", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openEuler-24.03-LTS", + "name":"openEuler-24.03-LTS" + }, + "name":"openEuler-24.03-LTS", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"noarch", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-urllib3-1.26.18-2.oe2403.noarch.rpm", + "name":"python3-urllib3-1.26.18-2.oe2403.noarch.rpm" + }, + "name":"python3-urllib3-1.26.18-2.oe2403.noarch.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python-urllib3-1.26.18-2.oe2403.src.rpm", + "name":"python-urllib3-1.26.18-2.oe2403.src.rpm" + }, + "name":"python-urllib3-1.26.18-2.oe2403.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + 
"relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-urllib3-1.26.18-2.oe2403.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-urllib3-1.26.18-2.oe2403.noarch", + "name":"python3-urllib3-1.26.18-2.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python-urllib3-1.26.18-2.oe2403.src.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python-urllib3-1.26.18-2.oe2403.src", + "name":"python-urllib3-1.26.18-2.oe2403.src as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-37891", + "notes":[ + { + "text":" urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. 
Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3's `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:python3-urllib3-1.26.18-2.oe2403.noarch", + "openEuler-24.03-LTS:python-urllib3-1.26.18-2.oe2403.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:python3-urllib3-1.26.18-2.oe2403.noarch", + "openEuler-24.03-LTS:python-urllib3-1.26.18-2.oe2403.src" + ], + "details":"python-urllib3 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1947" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"MEDIUM", + "baseScore":4.4, + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:python3-urllib3-1.26.18-2.oe2403.noarch", + "openEuler-24.03-LTS:python-urllib3-1.26.18-2.oe2403.src" + ] + } + ], + "threats":[ + { + "details":"Medium", + "category":"impact" + } + ], + "title":"CVE-2024-37891" + } + ] +} \ No newline at end of file 
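Review bot: `product_status.fixed` lists `python3-urllib3-1.26.18-2.oe2403`, while the vulnerability note in the same entry tells users to update to 1.26.19 or 2.2.2. A reader or scanner that compares upstream version numbers will therefore treat the fixed package as still affected. Presumably the fix is backported into the distribution build; if so, the remediation text should say it, for example `"details":"python-urllib3 security update (CVE-2024-37891 fix backported to 1.26.18-2.oe2403)"`. The same applies to `1.26.12-7.oe2203sp3` in SA-2024-1946.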
diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1948.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1948.json new file mode 100644 index 0000000..1c6cdc0 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1948.json 
@@ -0,0 +1,258 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"High" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"python-django security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for python-django is now available for openEuler-24.03-LTS.", + "category":"general", + "title":"Summary" + }, + { + "text":"Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.\n\nSecurity Fix(es):\n\nAn issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.(CVE-2024-38875)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for python-django is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of high. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"High", + "category":"general", + "title":"Severity" + }, + { + "text":"python-django", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1948", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1948" + }, + { + "summary":"CVE-2024-38875", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38875&packageName=python-django" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38875" + }, + { + "summary":"openEuler-SA-2024-1948 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1948.json" + } + ], + "title":"An update for python-django is now available for openEuler-24.03-LTS", + "tracking":{ + "initial_release_date":"2024-08-02T19:42:32+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:42:32+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:31:32+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:31:32+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:31:32+08:00", + "id":"openEuler-SA-2024-1948", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + 
"branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openEuler-24.03-LTS", + "name":"openEuler-24.03-LTS" + }, + "name":"openEuler-24.03-LTS", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"noarch", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-Django-4.2.14-1.oe2403.noarch.rpm", + "name":"python3-Django-4.2.14-1.oe2403.noarch.rpm" + }, + "name":"python3-Django-4.2.14-1.oe2403.noarch.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python-django-help-4.2.14-1.oe2403.noarch.rpm", + "name":"python-django-help-4.2.14-1.oe2403.noarch.rpm" + }, + "name":"python-django-help-4.2.14-1.oe2403.noarch.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python-django-4.2.14-1.oe2403.src.rpm", + "name":"python-django-4.2.14-1.oe2403.src.rpm" + }, + "name":"python-django-4.2.14-1.oe2403.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-Django-4.2.14-1.oe2403.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-Django-4.2.14-1.oe2403.noarch", + "name":"python3-Django-4.2.14-1.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python-django-help-4.2.14-1.oe2403.noarch.rpm", + "full_product_name":{ + 
"product_id":"openEuler-24.03-LTS:python-django-help-4.2.14-1.oe2403.noarch", + "name":"python-django-help-4.2.14-1.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python-django-4.2.14-1.oe2403.src.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python-django-4.2.14-1.oe2403.src", + "name":"python-django-4.2.14-1.oe2403.src as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-38875", + "notes":[ + { + "text":"An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:python3-Django-4.2.14-1.oe2403.noarch", + "openEuler-24.03-LTS:python-django-help-4.2.14-1.oe2403.noarch", + "openEuler-24.03-LTS:python-django-4.2.14-1.oe2403.src" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:python3-Django-4.2.14-1.oe2403.noarch", + "openEuler-24.03-LTS:python-django-help-4.2.14-1.oe2403.noarch", + "openEuler-24.03-LTS:python-django-4.2.14-1.oe2403.src" + ], + "details":"python-django security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1948" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"HIGH", + "baseScore":7.5, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:python3-Django-4.2.14-1.oe2403.noarch", + "openEuler-24.03-LTS:python-django-help-4.2.14-1.oe2403.noarch", + "openEuler-24.03-LTS:python-django-4.2.14-1.oe2403.src" + ] + } + ], + "threats":[ + { + "details":"High", + 
"category":"impact" + } + ], + "title":"CVE-2024-38875" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1949.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1949.json new file mode 100644 index 0000000..b5eb50f --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1949.json 
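Review bot: Every package branch in csaf-openEuler-SA-2024-1948.json carries the platform CPE `cpe:/a:openEuler:openEuler:24.03-LTS` as its `product_identification_helper`. A consumer that matches on CPE therefore cannot tell `python3-Django`, `python-django-help`, the source package and the distribution itself apart. Either drop the helper from the package branches or give each package its own identifier (CSAF allows a `purl` there). The `noarch` and `src` branches are also typed `"category":"product_name"`, where `"category":"architecture"` describes them better. SA-2024-1946 and SA-2024-1947 follow the same pattern.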
@@ -0,0 +1,448 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Critical" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"aom security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for aom is now available for openEuler-24.03-LTS.", + "category":"general", + "title":"Summary" + }, + { + "text":"The Alliance for Open Media’s focus is to deliver a next-generation video format that is:\n\nSecurity Fix(es):\n\nInteger overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers:\n\n\n * Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.\n * Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.\n * Calling aom_img_alloc_with_border() with a large value of the d_w, d_h, align, size_align, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.(CVE-2024-5171)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for aom is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of critical. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Critical", + "category":"general", + "title":"Severity" + }, + { + "text":"aom", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1949", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1949" + }, + { + "summary":"CVE-2024-5171", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-5171&packageName=aom" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-5171" + }, + { + "summary":"openEuler-SA-2024-1949 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1949.json" + } + ], + "title":"An update for aom is now available for openEuler-24.03-LTS", + "tracking":{ + "initial_release_date":"2024-08-02T19:42:33+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:42:33+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T11:31:33+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T11:31:33+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T11:31:33+08:00", + "id":"openEuler-SA-2024-1949", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + "product":{ + 
"product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openEuler-24.03-LTS", + "name":"openEuler-24.03-LTS" + }, + "name":"openEuler-24.03-LTS", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"aom-3.8.0-2.oe2403.aarch64.rpm", + "name":"aom-3.8.0-2.oe2403.aarch64.rpm" + }, + "name":"aom-3.8.0-2.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"aom-debuginfo-3.8.0-2.oe2403.aarch64.rpm", + "name":"aom-debuginfo-3.8.0-2.oe2403.aarch64.rpm" + }, + "name":"aom-debuginfo-3.8.0-2.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"libaom-devel-3.8.0-2.oe2403.aarch64.rpm", + "name":"libaom-devel-3.8.0-2.oe2403.aarch64.rpm" + }, + "name":"libaom-devel-3.8.0-2.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"libaom-3.8.0-2.oe2403.aarch64.rpm", + "name":"libaom-3.8.0-2.oe2403.aarch64.rpm" + }, + "name":"libaom-3.8.0-2.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"aom-debugsource-3.8.0-2.oe2403.aarch64.rpm", + "name":"aom-debugsource-3.8.0-2.oe2403.aarch64.rpm" + }, + "name":"aom-debugsource-3.8.0-2.oe2403.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + 
"product_id":"aom-3.8.0-2.oe2403.src.rpm", + "name":"aom-3.8.0-2.oe2403.src.rpm" + }, + "name":"aom-3.8.0-2.oe2403.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"libaom-devel-3.8.0-2.oe2403.x86_64.rpm", + "name":"libaom-devel-3.8.0-2.oe2403.x86_64.rpm" + }, + "name":"libaom-devel-3.8.0-2.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"aom-debugsource-3.8.0-2.oe2403.x86_64.rpm", + "name":"aom-debugsource-3.8.0-2.oe2403.x86_64.rpm" + }, + "name":"aom-debugsource-3.8.0-2.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"libaom-3.8.0-2.oe2403.x86_64.rpm", + "name":"libaom-3.8.0-2.oe2403.x86_64.rpm" + }, + "name":"libaom-3.8.0-2.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"aom-debuginfo-3.8.0-2.oe2403.x86_64.rpm", + "name":"aom-debuginfo-3.8.0-2.oe2403.x86_64.rpm" + }, + "name":"aom-debuginfo-3.8.0-2.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"aom-3.8.0-2.oe2403.x86_64.rpm", + "name":"aom-3.8.0-2.oe2403.x86_64.rpm" + }, + "name":"aom-3.8.0-2.oe2403.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"aom-3.8.0-2.oe2403.aarch64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-24.03-LTS:aom-3.8.0-2.oe2403.aarch64", + "name":"aom-3.8.0-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"aom-debuginfo-3.8.0-2.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:aom-debuginfo-3.8.0-2.oe2403.aarch64", + "name":"aom-debuginfo-3.8.0-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"libaom-devel-3.8.0-2.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:libaom-devel-3.8.0-2.oe2403.aarch64", + "name":"libaom-devel-3.8.0-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"libaom-3.8.0-2.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:libaom-3.8.0-2.oe2403.aarch64", + "name":"libaom-3.8.0-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"aom-debugsource-3.8.0-2.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:aom-debugsource-3.8.0-2.oe2403.aarch64", + "name":"aom-debugsource-3.8.0-2.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"aom-3.8.0-2.oe2403.src.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:aom-3.8.0-2.oe2403.src", + "name":"aom-3.8.0-2.oe2403.src as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + 
"product_reference":"libaom-devel-3.8.0-2.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:libaom-devel-3.8.0-2.oe2403.x86_64", + "name":"libaom-devel-3.8.0-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"aom-debugsource-3.8.0-2.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:aom-debugsource-3.8.0-2.oe2403.x86_64", + "name":"aom-debugsource-3.8.0-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"libaom-3.8.0-2.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:libaom-3.8.0-2.oe2403.x86_64", + "name":"libaom-3.8.0-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"aom-debuginfo-3.8.0-2.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:aom-debuginfo-3.8.0-2.oe2403.x86_64", + "name":"aom-debuginfo-3.8.0-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"aom-3.8.0-2.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:aom-3.8.0-2.oe2403.x86_64", + "name":"aom-3.8.0-2.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-5171", + "notes":[ + { + "text":"Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. 
This function can be reached via 3 callers:\n\n\n * Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.\n * Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.\n * Calling aom_img_alloc_with_border() with a large value of the d_w, d_h, align, size_align, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:aom-3.8.0-2.oe2403.aarch64", + "openEuler-24.03-LTS:aom-debuginfo-3.8.0-2.oe2403.aarch64", + "openEuler-24.03-LTS:libaom-devel-3.8.0-2.oe2403.aarch64", + "openEuler-24.03-LTS:libaom-3.8.0-2.oe2403.aarch64", + "openEuler-24.03-LTS:aom-debugsource-3.8.0-2.oe2403.aarch64", + "openEuler-24.03-LTS:aom-3.8.0-2.oe2403.src", + "openEuler-24.03-LTS:libaom-devel-3.8.0-2.oe2403.x86_64", + "openEuler-24.03-LTS:aom-debugsource-3.8.0-2.oe2403.x86_64", + "openEuler-24.03-LTS:libaom-3.8.0-2.oe2403.x86_64", + "openEuler-24.03-LTS:aom-debuginfo-3.8.0-2.oe2403.x86_64", + "openEuler-24.03-LTS:aom-3.8.0-2.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:aom-3.8.0-2.oe2403.aarch64", + "openEuler-24.03-LTS:aom-debuginfo-3.8.0-2.oe2403.aarch64", + "openEuler-24.03-LTS:libaom-devel-3.8.0-2.oe2403.aarch64", + "openEuler-24.03-LTS:libaom-3.8.0-2.oe2403.aarch64", + "openEuler-24.03-LTS:aom-debugsource-3.8.0-2.oe2403.aarch64", + "openEuler-24.03-LTS:aom-3.8.0-2.oe2403.src", + "openEuler-24.03-LTS:libaom-devel-3.8.0-2.oe2403.x86_64", + 
"openEuler-24.03-LTS:aom-debugsource-3.8.0-2.oe2403.x86_64", + "openEuler-24.03-LTS:libaom-3.8.0-2.oe2403.x86_64", + "openEuler-24.03-LTS:aom-debuginfo-3.8.0-2.oe2403.x86_64", + "openEuler-24.03-LTS:aom-3.8.0-2.oe2403.x86_64" + ], + "details":"aom security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1949" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"CRITICAL", + "baseScore":9.8, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:aom-3.8.0-2.oe2403.aarch64", + "openEuler-24.03-LTS:aom-debuginfo-3.8.0-2.oe2403.aarch64", + "openEuler-24.03-LTS:libaom-devel-3.8.0-2.oe2403.aarch64", + "openEuler-24.03-LTS:libaom-3.8.0-2.oe2403.aarch64", + "openEuler-24.03-LTS:aom-debugsource-3.8.0-2.oe2403.aarch64", + "openEuler-24.03-LTS:aom-3.8.0-2.oe2403.src", + "openEuler-24.03-LTS:libaom-devel-3.8.0-2.oe2403.x86_64", + "openEuler-24.03-LTS:aom-debugsource-3.8.0-2.oe2403.x86_64", + "openEuler-24.03-LTS:libaom-3.8.0-2.oe2403.x86_64", + "openEuler-24.03-LTS:aom-debuginfo-3.8.0-2.oe2403.x86_64", + "openEuler-24.03-LTS:aom-3.8.0-2.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Critical", + "category":"impact" + } + ], + "title":"CVE-2024-5171" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/2024/csaf-openEuler-SA-2024-1950.json b/csaf/advisories/2024/csaf-openEuler-SA-2024-1950.json new file mode 100644 index 0000000..45739c5 --- /dev/null +++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1950.json 
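Review bot: The TLP reference in `document.distribution.tlp` is written as `"url":"https:/www.first.org/tlp/"`, with a single slash after the scheme, so strict URI checks may reject or mis-resolve it; it should read `"url":"https://www.first.org/tlp/"`. The same value appears in the csaf-openEuler-SA-2024-1950.json hunk, which suggests the fix belongs in the generator template rather than in each file. Every package branch in `product_tree` also carries the distribution's own CPE, `cpe:/a:openEuler:openEuler:24.03-LTS`, in its `product_identification_helper`, so CPE-based matching cannot tell `libaom` from the OS or from any other package; dropping the helper on package branches or giving each one a `purl` would avoid false matches in asset correlation. The Topic note also misspells "Vulnerability" as "Vunlnerability".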
@@ -0,0 +1,477 @@ +{ + "document":{ + "aggregate_severity":{ + "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", + "text":"Critical" + }, + "category":"csaf_vex", + "csaf_version":"2.0", + "distribution":{ + "tlp":{ + "label":"WHITE", + "url":"https:/www.first.org/tlp/" + } + }, + "lang":"en", + "notes":[ + { + "text":"libxml2 security update", + "category":"general", + "title":"Synopsis" + }, + { + "text":"An update for libxml2 is now available for openEuler-24.03-LTS.", + "category":"general", + "title":"Summary" + }, + { + "text":"This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations. In this case one can use the built-in XPath and XPointer implementation to select sub nodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library.\n\nSecurity Fix(es):\n\n(CVE-2024-40896)", + "category":"general", + "title":"Description" + }, + { + "text":"An update for libxml2 is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of critical. 
A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", + "category":"general", + "title":"Topic" + }, + { + "text":"Critical", + "category":"general", + "title":"Severity" + }, + { + "text":"libxml2", + "category":"general", + "title":"Affected Component" + } + ], + "publisher":{ + "issuing_authority":"openEuler security committee", + "name":"openEuler", + "namespace":"https://www.openeuler.org", + "contact_details":"openeuler-security@openeuler.org", + "category":"vendor" + }, + "references":[ + { + "summary":"openEuler-SA-2024-1950", + "category":"self", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1950" + }, + { + "summary":"CVE-2024-40896", + "category":"self", + "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40896&packageName=libxml2" + }, + { + "summary":"nvd cve", + "category":"external", + "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40896" + }, + { + "summary":"openEuler-SA-2024-1950 vex file", + "category":"self", + "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1950.json" + } + ], + "title":"An update for libxml2 is now available for openEuler-24.03-LTS", + "tracking":{ + "initial_release_date":"2024-08-02T19:42:34+08:00", + "revision_history":[ + { + "date":"2024-08-02T19:42:34+08:00", + "summary":"Initial", + "number":"1.0.0" + }, + { + "date":"2024-08-05T10:55:00+08:00", + "summary":"final", + "number":"2.0.0" + } + ], + "generator":{ + "date":"2024-08-05T10:55:00+08:00", + "engine":{ + "name":"openEuler CSAF Tool V1.0" + } + }, + "current_release_date":"2024-08-05T10:55:00+08:00", + "id":"openEuler-SA-2024-1950", + "version":"2.0.0", + "status":"final" + } + }, + "product_tree":{ + "branches":[ + { + "name":"openEuler", + "category":"vendor", + "branches":[ + { + "name":"openEuler", + "branches":[ + { + 
"product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"openEuler-24.03-LTS", + "name":"openEuler-24.03-LTS" + }, + "name":"openEuler-24.03-LTS", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"aarch64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"libxml2-devel-2.11.5-4.oe2403.aarch64.rpm", + "name":"libxml2-devel-2.11.5-4.oe2403.aarch64.rpm" + }, + "name":"libxml2-devel-2.11.5-4.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-libxml2-2.11.5-4.oe2403.aarch64.rpm", + "name":"python3-libxml2-2.11.5-4.oe2403.aarch64.rpm" + }, + "name":"python3-libxml2-2.11.5-4.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"libxml2-2.11.5-4.oe2403.aarch64.rpm", + "name":"libxml2-2.11.5-4.oe2403.aarch64.rpm" + }, + "name":"libxml2-2.11.5-4.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"libxml2-debuginfo-2.11.5-4.oe2403.aarch64.rpm", + "name":"libxml2-debuginfo-2.11.5-4.oe2403.aarch64.rpm" + }, + "name":"libxml2-debuginfo-2.11.5-4.oe2403.aarch64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"libxml2-debugsource-2.11.5-4.oe2403.aarch64.rpm", + "name":"libxml2-debugsource-2.11.5-4.oe2403.aarch64.rpm" + }, + "name":"libxml2-debugsource-2.11.5-4.oe2403.aarch64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"noarch", + "branches":[ + { + "product":{ 
+ "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"libxml2-help-2.11.5-4.oe2403.noarch.rpm", + "name":"libxml2-help-2.11.5-4.oe2403.noarch.rpm" + }, + "name":"libxml2-help-2.11.5-4.oe2403.noarch.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"src", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"libxml2-2.11.5-4.oe2403.src.rpm", + "name":"libxml2-2.11.5-4.oe2403.src.rpm" + }, + "name":"libxml2-2.11.5-4.oe2403.src.rpm", + "category":"product_version" + } + ], + "category":"product_name" + }, + { + "name":"x86_64", + "branches":[ + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"libxml2-debugsource-2.11.5-4.oe2403.x86_64.rpm", + "name":"libxml2-debugsource-2.11.5-4.oe2403.x86_64.rpm" + }, + "name":"libxml2-debugsource-2.11.5-4.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"libxml2-2.11.5-4.oe2403.x86_64.rpm", + "name":"libxml2-2.11.5-4.oe2403.x86_64.rpm" + }, + "name":"libxml2-2.11.5-4.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"libxml2-devel-2.11.5-4.oe2403.x86_64.rpm", + "name":"libxml2-devel-2.11.5-4.oe2403.x86_64.rpm" + }, + "name":"libxml2-devel-2.11.5-4.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + "product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"libxml2-debuginfo-2.11.5-4.oe2403.x86_64.rpm", + "name":"libxml2-debuginfo-2.11.5-4.oe2403.x86_64.rpm" + }, + "name":"libxml2-debuginfo-2.11.5-4.oe2403.x86_64.rpm", + "category":"product_version" + }, + { + "product":{ + 
"product_identification_helper":{ + "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" + }, + "product_id":"python3-libxml2-2.11.5-4.oe2403.x86_64.rpm", + "name":"python3-libxml2-2.11.5-4.oe2403.x86_64.rpm" + }, + "name":"python3-libxml2-2.11.5-4.oe2403.x86_64.rpm", + "category":"product_version" + } + ], + "category":"product_name" + } + ] + } + ], + "relationships":[ + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"libxml2-devel-2.11.5-4.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:libxml2-devel-2.11.5-4.oe2403.aarch64", + "name":"libxml2-devel-2.11.5-4.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-libxml2-2.11.5-4.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-libxml2-2.11.5-4.oe2403.aarch64", + "name":"python3-libxml2-2.11.5-4.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"libxml2-2.11.5-4.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:libxml2-2.11.5-4.oe2403.aarch64", + "name":"libxml2-2.11.5-4.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"libxml2-debuginfo-2.11.5-4.oe2403.aarch64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:libxml2-debuginfo-2.11.5-4.oe2403.aarch64", + "name":"libxml2-debuginfo-2.11.5-4.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"libxml2-debugsource-2.11.5-4.oe2403.aarch64.rpm", + "full_product_name":{ + 
"product_id":"openEuler-24.03-LTS:libxml2-debugsource-2.11.5-4.oe2403.aarch64", + "name":"libxml2-debugsource-2.11.5-4.oe2403.aarch64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"libxml2-help-2.11.5-4.oe2403.noarch.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:libxml2-help-2.11.5-4.oe2403.noarch", + "name":"libxml2-help-2.11.5-4.oe2403.noarch as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"libxml2-2.11.5-4.oe2403.src.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:libxml2-2.11.5-4.oe2403.src", + "name":"libxml2-2.11.5-4.oe2403.src as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"libxml2-debugsource-2.11.5-4.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:libxml2-debugsource-2.11.5-4.oe2403.x86_64", + "name":"libxml2-debugsource-2.11.5-4.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"libxml2-2.11.5-4.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:libxml2-2.11.5-4.oe2403.x86_64", + "name":"libxml2-2.11.5-4.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"libxml2-devel-2.11.5-4.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:libxml2-devel-2.11.5-4.oe2403.x86_64", + "name":"libxml2-devel-2.11.5-4.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + 
"relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"libxml2-debuginfo-2.11.5-4.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:libxml2-debuginfo-2.11.5-4.oe2403.x86_64", + "name":"libxml2-debuginfo-2.11.5-4.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + }, + { + "relates_to_product_reference":"openEuler-24.03-LTS", + "product_reference":"python3-libxml2-2.11.5-4.oe2403.x86_64.rpm", + "full_product_name":{ + "product_id":"openEuler-24.03-LTS:python3-libxml2-2.11.5-4.oe2403.x86_64", + "name":"python3-libxml2-2.11.5-4.oe2403.x86_64 as a component of openEuler-24.03-LTS" + }, + "category":"default_component_of" + } + ] + }, + "vulnerabilities":[ + { + "cve":"CVE-2024-40896", + "notes":[ + { + "text":"null", + "category":"description", + "title":"Vulnerability Description" + } + ], + "product_status":{ + "fixed":[ + "openEuler-24.03-LTS:libxml2-devel-2.11.5-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-libxml2-2.11.5-4.oe2403.aarch64", + "openEuler-24.03-LTS:libxml2-2.11.5-4.oe2403.aarch64", + "openEuler-24.03-LTS:libxml2-debuginfo-2.11.5-4.oe2403.aarch64", + "openEuler-24.03-LTS:libxml2-debugsource-2.11.5-4.oe2403.aarch64", + "openEuler-24.03-LTS:libxml2-help-2.11.5-4.oe2403.noarch", + "openEuler-24.03-LTS:libxml2-2.11.5-4.oe2403.src", + "openEuler-24.03-LTS:libxml2-debugsource-2.11.5-4.oe2403.x86_64", + "openEuler-24.03-LTS:libxml2-2.11.5-4.oe2403.x86_64", + "openEuler-24.03-LTS:libxml2-devel-2.11.5-4.oe2403.x86_64", + "openEuler-24.03-LTS:libxml2-debuginfo-2.11.5-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-libxml2-2.11.5-4.oe2403.x86_64" + ] + }, + "remediations":[ + { + "product_ids":[ + "openEuler-24.03-LTS:libxml2-devel-2.11.5-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-libxml2-2.11.5-4.oe2403.aarch64", + "openEuler-24.03-LTS:libxml2-2.11.5-4.oe2403.aarch64", + "openEuler-24.03-LTS:libxml2-debuginfo-2.11.5-4.oe2403.aarch64", + 
"openEuler-24.03-LTS:libxml2-debugsource-2.11.5-4.oe2403.aarch64", + "openEuler-24.03-LTS:libxml2-help-2.11.5-4.oe2403.noarch", + "openEuler-24.03-LTS:libxml2-2.11.5-4.oe2403.src", + "openEuler-24.03-LTS:libxml2-debugsource-2.11.5-4.oe2403.x86_64", + "openEuler-24.03-LTS:libxml2-2.11.5-4.oe2403.x86_64", + "openEuler-24.03-LTS:libxml2-devel-2.11.5-4.oe2403.x86_64", + "openEuler-24.03-LTS:libxml2-debuginfo-2.11.5-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-libxml2-2.11.5-4.oe2403.x86_64" + ], + "details":"libxml2 security update", + "category":"vendor_fix", + "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1950" + } + ], + "scores":[ + { + "cvss_v3":{ + "baseSeverity":"CRITICAL", + "baseScore":9.1, + "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "version":"3.1" + }, + "products":[ + "openEuler-24.03-LTS:libxml2-devel-2.11.5-4.oe2403.aarch64", + "openEuler-24.03-LTS:python3-libxml2-2.11.5-4.oe2403.aarch64", + "openEuler-24.03-LTS:libxml2-2.11.5-4.oe2403.aarch64", + "openEuler-24.03-LTS:libxml2-debuginfo-2.11.5-4.oe2403.aarch64", + "openEuler-24.03-LTS:libxml2-debugsource-2.11.5-4.oe2403.aarch64", + "openEuler-24.03-LTS:libxml2-help-2.11.5-4.oe2403.noarch", + "openEuler-24.03-LTS:libxml2-2.11.5-4.oe2403.src", + "openEuler-24.03-LTS:libxml2-debugsource-2.11.5-4.oe2403.x86_64", + "openEuler-24.03-LTS:libxml2-2.11.5-4.oe2403.x86_64", + "openEuler-24.03-LTS:libxml2-devel-2.11.5-4.oe2403.x86_64", + "openEuler-24.03-LTS:libxml2-debuginfo-2.11.5-4.oe2403.x86_64", + "openEuler-24.03-LTS:python3-libxml2-2.11.5-4.oe2403.x86_64" + ] + } + ], + "threats":[ + { + "details":"Critical", + "category":"impact" + } + ], + "title":"CVE-2024-40896" + } + ] +} \ No newline at end of file diff --git a/csaf/advisories/index.txt b/csaf/advisories/index.txt index da25de9..9604de8 100644 --- a/csaf/advisories/index.txt +++ b/csaf/advisories/index.txt 
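Review bot: The description note for CVE-2024-40896 is the literal string `"text":"null"`, and the document-level Description note ends at `Security Fix(es):\n\n(CVE-2024-40896)` with no text for the fix, so an advisory marked `final` and scored 9.1 Critical says nothing about what the flaw is. This looks like a missing upstream value being serialized as a string by the generator (inferred from the value; the generator is not visible here). Consumers that triage on the CSAF text get nothing to act on beyond the score, and the string `"null"` passes any non-empty check. The generator should either fill the field from the CVE record, e.g. `"text":"<description from the CVE-2024-40896 record>"`, or refuse to move the document to `final` while the description is empty.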
@@ -1,34 +1,34 @@
-2024/csaf-openEuler-SA-2024-1816.json
-2024/csaf-openEuler-SA-2024-1817.json
-2024/csaf-openEuler-SA-2024-1818.json
-2024/csaf-openEuler-SA-2024-1819.json
-2024/csaf-openEuler-SA-2024-1820.json
-2024/csaf-openEuler-SA-2024-1821.json
-2024/csaf-openEuler-SA-2024-1822.json
-2024/csaf-openEuler-SA-2024-1823.json
-2024/csaf-openEuler-SA-2024-1824.json
-2024/csaf-openEuler-SA-2024-1825.json
-2024/csaf-openEuler-SA-2024-1826.json
-2024/csaf-openEuler-SA-2024-1827.json
-2024/csaf-openEuler-SA-2024-1828.json
-2024/csaf-openEuler-SA-2024-1829.json
-2024/csaf-openEuler-SA-2024-1830.json
-2024/csaf-openEuler-SA-2024-1831.json
-2024/csaf-openEuler-SA-2024-1832.json
-2024/csaf-openEuler-SA-2024-1833.json
-2024/csaf-openEuler-SA-2024-1834.json
-2024/csaf-openEuler-SA-2024-1835.json
-2024/csaf-openEuler-SA-2024-1836.json
-2024/csaf-openEuler-SA-2024-1837.json
-2024/csaf-openEuler-SA-2024-1838.json
-2024/csaf-openEuler-SA-2024-1839.json
-2024/csaf-openEuler-SA-2024-1840.json
-2024/csaf-openEuler-SA-2024-1841.json
-2024/csaf-openEuler-SA-2024-1842.json
-2024/csaf-openEuler-SA-2024-1843.json
-2024/csaf-openEuler-SA-2024-1844.json
-2024/csaf-openEuler-SA-2024-1845.json
-46.json
+2024/csaf-openEuler-SA-2024-1816.json
+2024/csaf-openEuler-SA-2024-1817.json
+2024/csaf-openEuler-SA-2024-1818.json
+2024/csaf-openEuler-SA-2024-1819.json
+2024/csaf-openEuler-SA-2024-1820.json
+2024/csaf-openEuler-SA-2024-1821.json
+2024/csaf-openEuler-SA-2024-1822.json
+2024/csaf-openEuler-SA-2024-1823.json
+2024/csaf-openEuler-SA-2024-1824.json
+2024/csaf-openEuler-SA-2024-1825.json
+2024/csaf-openEuler-SA-2024-1826.json
+2024/csaf-openEuler-SA-2024-1827.json
+2024/csaf-openEuler-SA-2024-1828.json
+2024/csaf-openEuler-SA-2024-1829.json
+2024/csaf-openEuler-SA-2024-1830.json
+2024/csaf-openEuler-SA-2024-1831.json
+2024/csaf-openEuler-SA-2024-1832.json
+2024/csaf-openEuler-SA-2024-1833.json
+2024/csaf-openEuler-SA-2024-1834.json
+2024/csaf-openEuler-SA-2024-1835.json
+2024/csaf-openEuler-SA-2024-1836.json
+2024/csaf-openEuler-SA-2024-1837.json
+2024/csaf-openEuler-SA-2024-1838.json
+2024/csaf-openEuler-SA-2024-1839.json
+2024/csaf-openEuler-SA-2024-1840.json
+2024/csaf-openEuler-SA-2024-1841.json
+2024/csaf-openEuler-SA-2024-1842.json
+2024/csaf-openEuler-SA-2024-1843.json
+2024/csaf-openEuler-SA-2024-1844.json
+2024/csaf-openEuler-SA-2024-1845.json
+2024/csaf-openEuler-SA-2024-1846.json
 2024/csaf-openEuler-SA-2024-1847.json
 2024/csaf-openEuler-SA-2024-1848.json
 2024/csaf-openEuler-SA-2024-1849.json
@@ -63,3 +63,73 @@
 2024/csaf-openEuler-SA-2024-1878.json
 2024/csaf-openEuler-SA-2024-1879.json
 2024/csaf-openEuler-SA-2024-1880.json
+2024/csaf-openEuler-SA-2024-1881.json
+2024/csaf-openEuler-SA-2024-1882.json
+2024/csaf-openEuler-SA-2024-1883.json
+2024/csaf-openEuler-SA-2024-1884.json
+2024/csaf-openEuler-SA-2024-1885.json
+2024/csaf-openEuler-SA-2024-1886.json
+2024/csaf-openEuler-SA-2024-1887.json
+2024/csaf-openEuler-SA-2024-1888.json
+2024/csaf-openEuler-SA-2024-1889.json
+2024/csaf-openEuler-SA-2024-1890.json
+2024/csaf-openEuler-SA-2024-1891.json
+2024/csaf-openEuler-SA-2024-1892.json
+2024/csaf-openEuler-SA-2024-1893.json
+2024/csaf-openEuler-SA-2024-1894.json
+2024/csaf-openEuler-SA-2024-1895.json
+2024/csaf-openEuler-SA-2024-1896.json
+2024/csaf-openEuler-SA-2024-1897.json
+2024/csaf-openEuler-SA-2024-1898.json
+2024/csaf-openEuler-SA-2024-1899.json
+2024/csaf-openEuler-SA-2024-1900.json
+2024/csaf-openEuler-SA-2024-1901.json
+2024/csaf-openEuler-SA-2024-1902.json
+2024/csaf-openEuler-SA-2024-1903.json
+2024/csaf-openEuler-SA-2024-1904.json
+2024/csaf-openEuler-SA-2024-1905.json
+2024/csaf-openEuler-SA-2024-1906.json
+2024/csaf-openEuler-SA-2024-1907.json
+2024/csaf-openEuler-SA-2024-1908.json
+2024/csaf-openEuler-SA-2024-1909.json
+2024/csaf-openEuler-SA-2024-1910.json
+2024/csaf-openEuler-SA-2024-1911.json
+2024/csaf-openEuler-SA-2024-1912.json
+2024/csaf-openEuler-SA-2024-1913.json
+2024/csaf-openEuler-SA-2024-1914.json
+2024/csaf-openEuler-SA-2024-1915.json
+2024/csaf-openEuler-SA-2024-1916.json
+2024/csaf-openEuler-SA-2024-1917.json
+2024/csaf-openEuler-SA-2024-1918.json
+2024/csaf-openEuler-SA-2024-1919.json
+2024/csaf-openEuler-SA-2024-1920.json
+2024/csaf-openEuler-SA-2024-1921.json
+2024/csaf-openEuler-SA-2024-1922.json
+2024/csaf-openEuler-SA-2024-1923.json
+2024/csaf-openEuler-SA-2024-1924.json
+2024/csaf-openEuler-SA-2024-1925.json
+2024/csaf-openEuler-SA-2024-1926.json
+2024/csaf-openEuler-SA-2024-1927.json
+2024/csaf-openEuler-SA-2024-1928.json
+2024/csaf-openEuler-SA-2024-1929.json
+2024/csaf-openEuler-SA-2024-1930.json
+2024/csaf-openEuler-SA-2024-1931.json
+2024/csaf-openEuler-SA-2024-1932.json
+2024/csaf-openEuler-SA-2024-1933.json
+2024/csaf-openEuler-SA-2024-1934.json
+2024/csaf-openEuler-SA-2024-1935.json
+2024/csaf-openEuler-SA-2024-1936.json
+2024/csaf-openEuler-SA-2024-1937.json
+2024/csaf-openEuler-SA-2024-1938.json
+2024/csaf-openEuler-SA-2024-1939.json
+2024/csaf-openEuler-SA-2024-1940.json
+2024/csaf-openEuler-SA-2024-1941.json
+2024/csaf-openEuler-SA-2024-1942.json
+2024/csaf-openEuler-SA-2024-1943.json
+2024/csaf-openEuler-SA-2024-1944.json
+2024/csaf-openEuler-SA-2024-1945.json
+2024/csaf-openEuler-SA-2024-1946.json
+2024/csaf-openEuler-SA-2024-1947.json
+2024/csaf-openEuler-SA-2024-1948.json
+2024/csaf-openEuler-SA-2024-1949.json
+2024/csaf-openEuler-SA-2024-1950.json
diff --git a/csaf/download.sh b/csaf/download.sh
new file mode 100755
index 0000000..edd8ecc
--- /dev/null
+++ b/csaf/download.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+# Filename: download.sh
+# author: 'Jia Chao'
+
+cd ./advisories
+touch index.txt
+wget http://mirrors.ustc.edu.cn/openeuler/security/data/csaf/advisories/index.txt -O new.txt 2> /dev/null
+
+diff new.txt index.txt | rg '<' | awk '{print $2}' | while read line
+do
+ wget -c http://mirrors.ustc.edu.cn/openeuler/security/data/csaf/advisories/$line -O $line
+done
+
+mv new.txt index.txt
diff --git a/cusa/a/aom/config.json b/cusa/a/aom/config.json
new file mode 100644
index 0000000..f9a5d9b
--- /dev/null
+++ b/cusa/a/aom/config.json
@@ -0,0 +1,5 @@
+{
+ "upstream": "22.03-LTS",
+ "autobuild": true,
+ "fixed_version": ""
+}
\ No newline at end of file
diff --git a/cusa/a/assimp/config.json b/cusa/a/assimp/config.json
new file mode 100644
index 0000000..f9a5d9b
--- /dev/null
+++ b/cusa/a/assimp/config.json
@@ -0,0 +1,5 @@
+{
+ "upstream": "22.03-LTS",
+ "autobuild": true,
+ "fixed_version": ""
+}
\ No newline at end of file
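Review bot: Both `wget` calls in csaf/download.sh use plain `http://`, and the second writes to a path taken unchecked from the remote index (`-O $line`, unquoted, read without `-r`), so whoever can alter the response in transit or on the mirror decides what advisory content is committed here and where it is written. Fetching over `https://` (assuming the mirror serves it), quoting the variable, and accepting only entries shaped like `YYYY/csaf-openEuler-SA-YYYY-NNNN.json` would close that. Separately, `2> /dev/null` hides a failed index download; because `wget -O` creates `new.txt` even when the fetch fails, the final `mv new.txt index.txt` can then replace the index with an empty or partial file, and `cd ./advisories` is not checked either. The rewritten lines are below.

```shell
# … unchanged: shebang and Filename/author header …
base='https://mirrors.ustc.edu.cn/openeuler/security/data/csaf/advisories'
entry_re='^[0-9]{4}/csaf-openEuler-SA-[0-9]{4}-[0-9]+\.json$'

cd ./advisories || exit 1
# … unchanged: touch index.txt …
wget "$base/index.txt" -O new.txt || { rm -f new.txt; exit 1; }

diff new.txt index.txt | rg '<' | awk '{print $2}' | while IFS= read -r line
do
    # take only entries shaped like the advisory paths already in index.txt
    [[ $line =~ $entry_re ]] || { echo "skipping unexpected index entry" >&2; continue; }
    wget -c "$base/$line" -O "$line"
done
# … unchanged: mv new.txt index.txt …
```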
diff --git a/cusa/a/avro/config.json b/cusa/a/avro/config.json
new file mode 100644
index 0000000..f9a5d9b
--- /dev/null
+++ b/cusa/a/avro/config.json
@@ -0,0 +1,5 @@
+{
+ "upstream": "22.03-LTS",
+ "autobuild": true,
+ "fixed_version": ""
+}
\ No newline at end of file
diff --git a/cusa/b/botan2/config.json b/cusa/b/botan2/config.json
new file mode 100644
index 0000000..f9a5d9b
--- /dev/null
+++ b/cusa/b/botan2/config.json
@@ -0,0 +1,5 @@
+{
+ "upstream": "22.03-LTS",
+ "autobuild": true,
+ "fixed_version": ""
+}
\ No newline at end of file
diff --git a/cusa/b/busybox/config.json b/cusa/b/busybox/config.json
new file mode 100644
index 0000000..f9a5d9b
--- /dev/null
+++ b/cusa/b/busybox/config.json
@@ -0,0 +1,5 @@
+{
+ "upstream": "22.03-LTS",
+ "autobuild": true,
+ "fixed_version": ""
+}
\ No newline at end of file
diff --git a/cusa/d/dnsjava/config.json b/cusa/d/dnsjava/config.json
new file mode 100644
index 0000000..f9a5d9b
--- /dev/null
+++ b/cusa/d/dnsjava/config.json
@@ -0,0 +1,5 @@
+{
+ "upstream": "22.03-LTS",
+ "autobuild": true,
+ "fixed_version": ""
+}
\ No newline at end of file
diff --git a/cusa/d/dnsmasq/config.json b/cusa/d/dnsmasq/config.json
new file mode 100644
index 0000000..f9a5d9b
--- /dev/null
+++ b/cusa/d/dnsmasq/config.json
@@ -0,0 +1,5 @@
+{
+ "upstream": "22.03-LTS",
+ "autobuild": true,
+ "fixed_version": ""
+}
\ No newline at end of file
diff --git a/cusa/e/edk2/config.json b/cusa/e/edk2/config.json
new file mode 100644
index 0000000..f9a5d9b
--- /dev/null
+++ b/cusa/e/edk2/config.json
@@ -0,0 +1,5 @@
+{
+ "upstream": "22.03-LTS",
+ "autobuild": true,
+ "fixed_version": ""
+}
\ No newline at end of file
diff --git a/cusa/e/exim/config.json b/cusa/e/exim/config.json
new file mode 100644
index 0000000..f9a5d9b
--- /dev/null
+++ b/cusa/e/exim/config.json
@@ -0,0 +1,5 @@
+{
+ "upstream": "22.03-LTS",
+ "autobuild": true,
+ "fixed_version": ""
+}
\ No newline at end of file
diff --git a/cusa/g/gtk2/config.json b/cusa/g/gtk2/config.json
new file mode 100644
index 0000000..f9a5d9b
--- /dev/null
+++ b/cusa/g/gtk2/config.json
@@ -0,0 +1,5 @@
+{
+ "upstream": "22.03-LTS",
+ "autobuild": true,
+ "fixed_version": ""
+}
\ No newline at end of file
diff --git a/cusa/g/gtk3/config.json b/cusa/g/gtk3/config.json
new file mode 100644
index 0000000..f9a5d9b
--- /dev/null
+++ b/cusa/g/gtk3/config.json
@@ -0,0 +1,5 @@
+{
+ "upstream": "22.03-LTS",
+ "autobuild": true,
+ "fixed_version": ""
+}
\ No newline at end of file
diff --git a/cusa/j/openjdk-11/config.json b/cusa/j/openjdk-11/config.json
new file mode 100644
index 0000000..f9a5d9b
--- /dev/null
+++ b/cusa/j/openjdk-11/config.json
@@ -0,0 +1,5 @@
+{
+ "upstream": "22.03-LTS",
+ "autobuild": true,
+ "fixed_version": ""
+}
\ No newline at end of file
diff --git a/cusa/l/libxml2/config.json b/cusa/l/libxml2/config.json
new file mode 100644
index 0000000..f9a5d9b
--- /dev/null
+++ b/cusa/l/libxml2/config.json
@@ -0,0 +1,5 @@
+{
+ "upstream": "22.03-LTS",
+ "autobuild": true,
+ "fixed_version": ""
+}
\ No newline at end of file
diff --git a/cusa/m/mpv/config.json b/cusa/m/mpv/config.json
new file mode 100644
index 0000000..f9a5d9b
--- /dev/null
+++ b/cusa/m/mpv/config.json
@@ -0,0 +1,5 @@
+{
+ "upstream": "22.03-LTS",
+ "autobuild": true,
+ "fixed_version": ""
+}
\ No newline at end of file
diff --git a/cusa/m/mysql/config.json b/cusa/m/mysql/config.json
new file mode 100644
index 0000000..f9a5d9b
--- /dev/null
+++ b/cusa/m/mysql/config.json
@@ -0,0 +1,5 @@
+{
+ "upstream": "22.03-LTS",
+ "autobuild": true,
+ "fixed_version": ""
+}
\ No newline at end of file
diff --git a/cusa/p/plasma-workspace/config.json b/cusa/p/plasma-workspace/config.json
new file mode 100644
index 0000000..f9a5d9b
--- /dev/null
+++ b/cusa/p/plasma-workspace/config.json
@@ -0,0 +1,5 @@
+{
+ "upstream": "22.03-LTS",
+ "autobuild": true,
+ "fixed_version": ""
+}
\ No newline at end of file
diff --git a/cusa/p/python-django/config.json b/cusa/p/python-django/config.json
new file mode 100644
index 0000000..f9a5d9b
--- /dev/null
+++ b/cusa/p/python-django/config.json
@@ -0,0 +1,5 @@
+{
+ "upstream": "22.03-LTS",
+ "autobuild": true,
+ "fixed_version": ""
+}
\ No newline at end of file
diff --git a/cusa/p/python-setuptools/config.json b/cusa/p/python-setuptools/config.json
new file mode 100644
index 0000000..f9a5d9b
--- /dev/null
+++ b/cusa/p/python-setuptools/config.json
@@ -0,0 +1,5 @@
+{
+ "upstream": "22.03-LTS",
+ "autobuild": true,
+ "fixed_version": ""
+}
\ No newline at end of file
diff --git a/cusa/p/python-urllib3/config.json b/cusa/p/python-urllib3/config.json
new file mode 100644
index 0000000..f9a5d9b
--- /dev/null
+++ b/cusa/p/python-urllib3/config.json
@@ -0,0 +1,5 @@
+{
+ "upstream": "22.03-LTS",
+ "autobuild": true,
+ "fixed_version": ""
+}
\ No newline at end of file
diff --git a/cusa/p/python-zipp/config.json b/cusa/p/python-zipp/config.json
new file mode 100644
index 0000000..f9a5d9b
--- /dev/null
+++ b/cusa/p/python-zipp/config.json
@@ -0,0 +1,5 @@
+{
+ "upstream": "22.03-LTS",
+ "autobuild": true,
+ "fixed_version": ""
+}
\ No newline at end of file
diff --git a/cusa/p/python3/config.json b/cusa/p/python3/config.json
new file mode 100644
index 0000000..f9a5d9b
--- /dev/null
+++ b/cusa/p/python3/config.json
@@ -0,0 +1,5 @@
+{
+ "upstream": "22.03-LTS",
+ "autobuild": true,
+ "fixed_version": ""
+}
\ No newline at end of file