5865 lines
428 KiB
JSON
5865 lines
428 KiB
JSON
{
|
|
"document":{
|
|
"aggregate_severity":{
|
|
"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
|
|
"text":"Critical"
|
|
},
|
|
"category":"csaf_vex",
|
|
"csaf_version":"2.0",
|
|
"distribution":{
|
|
"tlp":{
|
|
"label":"WHITE",
|
|
"url":"https:/www.first.org/tlp/"
|
|
}
|
|
},
|
|
"lang":"en",
|
|
"notes":[
|
|
{
|
|
"text":"kernel security update",
|
|
"category":"general",
|
|
"title":"Synopsis"
|
|
},
|
|
{
|
|
"text":"An update for kernel is now available for openEuler-22.03-LTS-SP3",
|
|
"category":"general",
|
|
"title":"Summary"
|
|
},
|
|
{
|
|
"text":"The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Fix DSP oops stack dump output contents\n\nFix @buf arg given to hex_dump_to_buffer() and stack address used\nin dump error output.(CVE-2021-47381)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nARM: 9170/1: fix panic when kasan and kprobe are enabled\n\narm32 uses software to simulate the instruction replaced\nby kprobe. some instructions may be simulated by constructing\nassembly functions. therefore, before executing instruction\nsimulation, it is necessary to construct assembly function\nexecution environment in C language through binding registers.\nafter kasan is enabled, the register binding relationship will\nbe destroyed, resulting in instruction simulation errors and\ncausing kernel panic.\n\nthe kprobe emulate instruction function is distributed in three\nfiles: actions-common.c actions-arm.c actions-thumb.c, so disable\nKASAN when compiling these files.\n\nfor example, use kprobe insert on cap_capable+20 after kasan\nenabled, the cap_capable assembly code is as follows:\n<cap_capable>:\ne92d47f0\tpush\t{r4, r5, r6, r7, r8, r9, sl, lr}\ne1a05000\tmov\tr5, r0\ne280006c\tadd\tr0, r0, #108 ; 0x6c\ne1a04001\tmov\tr4, r1\ne1a06002\tmov\tr6, r2\ne59fa090\tldr\tsl, [pc, #144] ;\nebfc7bf8\tbl\tc03aa4b4 <__asan_load4>\ne595706c\tldr\tr7, [r5, #108] ; 0x6c\ne2859014\tadd\tr9, r5, #20\n......\nThe emulate_ldr assembly code after enabling kasan is as follows:\nc06f1384 <emulate_ldr>:\ne92d47f0\tpush\t{r4, r5, r6, r7, r8, r9, sl, lr}\ne282803c\tadd\tr8, r2, #60 ; 0x3c\ne1a05000\tmov\tr5, r0\ne7e37855\tubfx\tr7, r5, #16, #4\ne1a00008\tmov\tr0, r8\ne1a09001\tmov\tr9, r1\ne1a04002\tmov\tr4, r2\nebf35462\tbl\tc03c6530 <__asan_load4>\ne357000f\tcmp\tr7, #15\ne7e36655\tubfx\tr6, r5, #12, #4\ne205a00f\tand\tsl, r5, #15\n0a000001\tbeq\tc06f13bc <emulate_ldr+0x38>\ne0840107\tadd\tr0, r4, r7, lsl #2\nebf3545c\tbl\tc03c6530 <__asan_load4>\ne084010a\tadd\tr0, r4, sl, lsl #2\nebf3545a\tbl\tc03c6530 <__asan_load4>\ne2890010\tadd\tr0, r9, #16\nebf35458\tbl\tc03c6530 <__asan_load4>\ne5990010\tldr\tr0, [r9, #16]\ne12fff30\tblx\tr0\ne356000f\tcm\tr6, #15\n1a000014\tbne\tc06f1430 <emulate_ldr+0xac>\ne1a06000\tmov\tr6, r0\ne2840040\tadd\tr0, r4, #64 ; 0x40\n......\n\nwhen running in emulate_ldr to simulate the ldr instruction, panic\noccurred, and the log is as follows:\nUnable to handle kernel NULL pointer dereference at virtual address\n00000090\npgd = ecb46400\n[00000090] *pgd=2e0fa003, *pmd=00000000\nInternal error: Oops: 206 [#1] SMP ARM\nPC is at cap_capable+0x14/0xb0\nLR is at emulate_ldr+0x50/0xc0\npsr: 600d0293 sp : ecd63af8 ip : 00000004 fp : c0a7c30c\nr10: 00000000 r9 : c30897f4 r8 : ecd63cd4\nr7 : 0000000f r6 : 0000000a r5 : e59fa090 r4 : ecd63c98\nr3 : c06ae294 r2 : 00000000 r1 : b7611300 r0 : bf4ec008\nFlags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user\nControl: 32c5387d Table: 2d546400 DAC: 55555555\nProcess bash (pid: 1643, stack limit = 0xecd60190)\n(cap_capable) from (kprobe_handler+0x218/0x340)\n(kprobe_handler) from (kprobe_trap_handler+0x24/0x48)\n(kprobe_trap_handler) from (do_undefinstr+0x13c/0x364)\n(do_undefinstr) from (__und_svc_finish+0x0/0x30)\n(__und_svc_finish) from (cap_capable+0x18/0xb0)\n(cap_capable) from (cap_vm_enough_memory+0x38/0x48)\n(cap_vm_enough_memory) from\n(security_vm_enough_memory_mm+0x48/0x6c)\n(security_vm_enough_memory_mm) from\n(copy_process.constprop.5+0x16b4/0x25c8)\n(copy_process.constprop.5) from (_do_fork+0xe8/0x55c)\n(_do_fork) from (SyS_clone+0x1c/0x24)\n(SyS_clone) from (__sys_trace_return+0x0/0x10)\nCode: 0050a0e1 6c0080e2 0140a0e1 0260a0e1 (f801f0e7)(CVE-2021-47618)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free after failure to create a snapshot\n\nAt ioctl.c:create_snapshot(), we allocate a pending snapshot structure and\nthen attach it to the transaction's list of pending snapshots. After that\nwe call btrfs_commit_transaction(), and if that returns an error we jump\nto 'fail' label, where we kfree() the pending snapshot structure. This can\nresult in a later use-after-free of the pending snapshot:\n\n1) We allocated the pending snapshot and added it to the transaction's\n list of pending snapshots;\n\n2) We call btrfs_commit_transaction(), and it fails either at the first\n call to btrfs_run_delayed_refs() or btrfs_start_dirty_block_groups().\n In both cases, we don't abort the transaction and we release our\n transaction handle. We jump to the 'fail' label and free the pending\n snapshot structure. We return with the pending snapshot still in the\n transaction's list;\n\n3) Another task commits the transaction. This time there's no error at\n all, and then during the transaction commit it accesses a pointer\n to the pending snapshot structure that the snapshot creation task\n has already freed, resulting in a user-after-free.\n\nThis issue could actually be detected by smatch, which produced the\nfollowing warning:\n\n fs/btrfs/ioctl.c:843 create_snapshot() warn: '&pending_snapshot->list' not removed from list\n\nSo fix this by not having the snapshot creation ioctl directly add the\npending snapshot to the transaction's list. Instead add the pending\nsnapshot to the transaction handle, and then at btrfs_commit_transaction()\nwe add the snapshot to the list only when we can guarantee that any error\nreturned after that point will result in a transaction abort, in which\ncase the ioctl code can safely free the pending snapshot and no one can\naccess it anymore.(CVE-2022-48733)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Avoid field-overflowing memcpy()\n\nIn preparation for FORTIFY_SOURCE performing compile-time and run-time\nfield bounds checking for memcpy(), memmove(), and memset(), avoid\nintentionally writing across neighboring fields.\n\nUse flexible arrays instead of zero-element arrays (which look like they\nare always overflowing) and split the cross-field memcpy() into two halves\nthat can be appropriately bounds-checked by the compiler.\n\nWe were doing:\n\n\t#define ETH_HLEN 14\n\t#define VLAN_HLEN 4\n\t...\n\t#define MLX5E_XDP_MIN_INLINE (ETH_HLEN + VLAN_HLEN)\n\t...\n struct mlx5e_tx_wqe *wqe = mlx5_wq_cyc_get_wqe(wq, pi);\n\t...\n struct mlx5_wqe_eth_seg *eseg = &wqe->eth;\n struct mlx5_wqe_data_seg *dseg = wqe->data;\n\t...\n\tmemcpy(eseg->inline_hdr.start, xdptxd->data, MLX5E_XDP_MIN_INLINE);\n\ntarget is wqe->eth.inline_hdr.start (which the compiler sees as being\n2 bytes in size), but copying 18, intending to write across start\n(really vlan_tci, 2 bytes). The remaining 16 bytes get written into\nwqe->data[0], covering byte_count (4 bytes), lkey (4 bytes), and addr\n(8 bytes).\n\nstruct mlx5e_tx_wqe {\n struct mlx5_wqe_ctrl_seg ctrl; /* 0 16 */\n struct mlx5_wqe_eth_seg eth; /* 16 16 */\n struct mlx5_wqe_data_seg data[]; /* 32 0 */\n\n /* size: 32, cachelines: 1, members: 3 */\n /* last cacheline: 32 bytes */\n};\n\nstruct mlx5_wqe_eth_seg {\n u8 swp_outer_l4_offset; /* 0 1 */\n u8 swp_outer_l3_offset; /* 1 1 */\n u8 swp_inner_l4_offset; /* 2 1 */\n u8 swp_inner_l3_offset; /* 3 1 */\n u8 cs_flags; /* 4 1 */\n u8 swp_flags; /* 5 1 */\n __be16 mss; /* 6 2 */\n __be32 flow_table_metadata; /* 8 4 */\n union {\n struct {\n __be16 sz; /* 12 2 */\n u8 start[2]; /* 14 2 */\n } inline_hdr; /* 12 4 */\n struct {\n __be16 type; /* 12 2 */\n __be16 vlan_tci; /* 14 2 */\n } insert; /* 12 4 */\n __be32 trailer; /* 12 4 */\n }; /* 12 4 */\n\n /* size: 16, cachelines: 1, members: 9 */\n /* last cacheline: 16 bytes */\n};\n\nstruct mlx5_wqe_data_seg {\n __be32 byte_count; /* 0 4 */\n __be32 lkey; /* 4 4 */\n __be64 addr; /* 8 8 */\n\n /* size: 16, cachelines: 1, members: 3 */\n /* last cacheline: 16 bytes */\n};\n\nSo, split the memcpy() so the compiler can reason about the buffer\nsizes.\n\n\"pahole\" shows no size nor member offset changes to struct mlx5e_tx_wqe\nnor struct mlx5e_umr_wqe. \"objdump -d\" shows no meaningful object\ncode changes (i.e. only source line number induced differences and\noptimizations).(CVE-2022-48744)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nKVM: LAPIC: Also cancel preemption timer during SET_LAPIC\n\nThe below warning is splatting during guest reboot.\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm]\n CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5\n RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm]\n Call Trace:\n <TASK>\n kvm_vcpu_ioctl+0x279/0x710 [kvm]\n __x64_sys_ioctl+0x83/0xb0\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7fd39797350b\n\nThis can be triggered by not exposing tsc-deadline mode and doing a reboot in\nthe guest. The lapic_shutdown() function which is called in sys_reboot path\nwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clears\nAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-mode\nswitch between tsc-deadline and oneshot/periodic, which can result in preemption\ntimer be cancelled in apic_update_lvtt(). However, We can't depend on this when\nnot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemption\ntimer. Qemu will synchronise states around reset, let's cancel preemption timer\nunder KVM_SET_LAPIC.(CVE-2022-48765)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmedia: lgdt3306a: Add a check against null-pointer-def\n\nThe driver should check whether the client provides the platform_data.\n\nThe following log reveals it:\n\n[ 29.610324] BUG: KASAN: null-ptr-deref in kmemdup+0x30/0x40\n[ 29.610730] Read of size 40 at addr 0000000000000000 by task bash/414\n[ 29.612820] Call Trace:\n[ 29.613030] <TASK>\n[ 29.613201] dump_stack_lvl+0x56/0x6f\n[ 29.613496] ? kmemdup+0x30/0x40\n[ 29.613754] print_report.cold+0x494/0x6b7\n[ 29.614082] ? kmemdup+0x30/0x40\n[ 29.614340] kasan_report+0x8a/0x190\n[ 29.614628] ? kmemdup+0x30/0x40\n[ 29.614888] kasan_check_range+0x14d/0x1d0\n[ 29.615213] memcpy+0x20/0x60\n[ 29.615454] kmemdup+0x30/0x40\n[ 29.615700] lgdt3306a_probe+0x52/0x310\n[ 29.616339] i2c_device_probe+0x951/0xa90(CVE-2022-48772)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btusb: Add date->evt_skb is NULL check\n\nfix crash because of null pointers\n\n[ 6104.969662] BUG: kernel NULL pointer dereference, address: 00000000000000c8\n[ 6104.969667] #PF: supervisor read access in kernel mode\n[ 6104.969668] #PF: error_code(0x0000) - not-present page\n[ 6104.969670] PGD 0 P4D 0\n[ 6104.969673] Oops: 0000 [#1] SMP NOPTI\n[ 6104.969684] RIP: 0010:btusb_mtk_hci_wmt_sync+0x144/0x220 [btusb]\n[ 6104.969688] RSP: 0018:ffffb8d681533d48 EFLAGS: 00010246\n[ 6104.969689] RAX: 0000000000000000 RBX: ffff8ad560bb2000 RCX: 0000000000000006\n[ 6104.969691] RDX: 0000000000000000 RSI: ffffb8d681533d08 RDI: 0000000000000000\n[ 6104.969692] RBP: ffffb8d681533d70 R08: 0000000000000001 R09: 0000000000000001\n[ 6104.969694] R10: 0000000000000001 R11: 00000000fa83b2da R12: ffff8ad461d1d7c0\n[ 6104.969695] R13: 0000000000000000 R14: ffff8ad459618c18 R15: ffffb8d681533d90\n[ 6104.969697] FS: 00007f5a1cab9d40(0000) GS:ffff8ad578200000(0000) knlGS:00000\n[ 6104.969699] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 6104.969700] CR2: 00000000000000c8 CR3: 000000018620c001 CR4: 0000000000760ef0\n[ 6104.969701] PKRU: 55555554\n[ 6104.969702] Call Trace:\n[ 6104.969708] btusb_mtk_shutdown+0x44/0x80 [btusb]\n[ 6104.969732] hci_dev_do_close+0x470/0x5c0 [bluetooth]\n[ 6104.969748] hci_rfkill_set_block+0x56/0xa0 [bluetooth]\n[ 6104.969753] rfkill_set_block+0x92/0x160\n[ 6104.969755] rfkill_fop_write+0x136/0x1e0\n[ 6104.969759] __vfs_write+0x18/0x40\n[ 6104.969761] vfs_write+0xdf/0x1c0\n[ 6104.969763] ksys_write+0xb1/0xe0\n[ 6104.969765] __x64_sys_write+0x1a/0x20\n[ 6104.969769] do_syscall_64+0x51/0x180\n[ 6104.969771] entry_SYSCALL_64_after_hwframe+0x44/0xa9\n[ 6104.969773] RIP: 0033:0x7f5a21f18fef\n[ 6104.9] RSP: 002b:00007ffeefe39010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001\n[ 6104.969780] RAX: ffffffffffffffda RBX: 000055c10a7560a0 RCX: 00007f5a21f18fef\n[ 6104.969781] RDX: 0000000000000008 RSI: 00007ffeefe39060 RDI: 0000000000000012\n[ 6104.969782] RBP: 00007ffeefe39060 R08: 0000000000000000 R09: 0000000000000017\n[ 6104.969784] R10: 00007ffeefe38d97 R11: 0000000000000293 R12: 0000000000000002\n[ 6104.969785] R13: 00007ffeefe39220 R14: 00007ffeefe391a0 R15: 000055c10a72acf0(CVE-2023-52833)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline\n\nThe absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness of\ninterrupt affinity reconfiguration via procfs. Instead, the change is\ndeferred until the next instance of the interrupt being triggered on the\noriginal CPU.\n\nWhen the interrupt next triggers on the original CPU, the new affinity is\nenforced within __irq_move_irq(). A vector is allocated from the new CPU,\nbut the old vector on the original CPU remains and is not immediately\nreclaimed. Instead, apicd->move_in_progress is flagged, and the reclaiming\nprocess is delayed until the next trigger of the interrupt on the new CPU.\n\nUpon the subsequent triggering of the interrupt on the new CPU,\nirq_complete_move() adds a task to the old CPU's vector_cleanup list if it\nremains online. Subsequently, the timer on the old CPU iterates over its\nvector_cleanup list, reclaiming old vectors.\n\nHowever, a rare scenario arises if the old CPU is outgoing before the\ninterrupt triggers again on the new CPU.\n\nIn that case irq_force_complete_move() is not invoked on the outgoing CPU\nto reclaim the old apicd->prev_vector because the interrupt isn't currently\naffine to the outgoing CPU, and irq_needs_fixup() returns false. Even\nthough __vector_schedule_cleanup() is later called on the new CPU, it\ndoesn't reclaim apicd->prev_vector; instead, it simply resets both\napicd->move_in_progress and apicd->prev_vector to 0.\n\nAs a result, the vector remains unreclaimed in vector_matrix, leading to a\nCPU vector leak.\n\nTo address this issue, move the invocation of irq_force_complete_move()\nbefore the irq_needs_fixup() call to reclaim apicd->prev_vector, if the\ninterrupt is currently or used to be affine to the outgoing CPU.\n\nAdditionally, reclaim the vector in __vector_schedule_cleanup() as well,\nfollowing a warning message, although theoretically it should never see\napicd->move_in_progress with apicd->prev_cpu pointing to an offline CPU.(CVE-2024-31076)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nof: dynamic: Synchronize of_changeset_destroy() with the devlink removals\n\nIn the following sequence:\n 1) of_platform_depopulate()\n 2) of_overlay_remove()\n\nDuring the step 1, devices are destroyed and devlinks are removed.\nDuring the step 2, OF nodes are destroyed but\n__of_changeset_entry_destroy() can raise warnings related to missing\nof_node_put():\n ERROR: memory leak, expected refcount 1 instead of 2 ...\n\nIndeed, during the devlink removals performed at step 1, the removal\nitself releasing the device (and the attached of_node) is done by a job\nqueued in a workqueue and so, it is done asynchronously with respect to\nfunction calls.\nWhen the warning is present, of_node_put() will be called but wrongly\ntoo late from the workqueue job.\n\nIn order to be sure that any ongoing devlink removals are done before\nthe of_node destruction, synchronize the of_changeset_destroy() with the\ndevlink removals.(CVE-2024-35879)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_skbmod: prevent kernel-infoleak\n\nsyzbot found that tcf_skbmod_dump() was copying four bytes\nfrom kernel stack to user space [1].\n\nThe issue here is that 'struct tc_skbmod' has a four bytes hole.\n\nWe need to clear the structure before filling fields.\n\n[1]\nBUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline]\n BUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline]\n BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\n BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline]\n BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n copy_to_user_iter lib/iov_iter.c:24 [inline]\n iterate_ubuf include/linux/iov_iter.h:29 [inline]\n iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\n iterate_and_advance include/linux/iov_iter.h:271 [inline]\n _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185\n copy_to_iter include/linux/uio.h:196 [inline]\n simple_copy_to_iter net/core/datagram.c:532 [inline]\n __skb_datagram_iter+0x185/0x1000 net/core/datagram.c:420\n skb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:546\n skb_copy_datagram_msg include/linux/skbuff.h:4050 [inline]\n netlink_recvmsg+0x432/0x1610 net/netlink/af_netlink.c:1962\n sock_recvmsg_nosec net/socket.c:1046 [inline]\n sock_recvmsg+0x2c4/0x340 net/socket.c:1068\n __sys_recvfrom+0x35a/0x5f0 net/socket.c:2242\n __do_sys_recvfrom net/socket.c:2260 [inline]\n __se_sys_recvfrom net/socket.c:2256 [inline]\n __x64_sys_recvfrom+0x126/0x1d0 net/socket.c:2256\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was stored to memory at:\n pskb_expand_head+0x30f/0x19d0 net/core/skbuff.c:2253\n netlink_trim+0x2c2/0x330 net/netlink/af_netlink.c:1317\n netlink_unicast+0x9f/0x1260 net/netlink/af_netlink.c:1351\n nlmsg_unicast include/net/netlink.h:1144 [inline]\n nlmsg_notify+0x21d/0x2f0 net/netlink/af_netlink.c:2610\n rtnetlink_send+0x73/0x90 net/core/rtnetlink.c:741\n rtnetlink_maybe_send include/linux/rtnetlink.h:17 [inline]\n tcf_add_notify net/sched/act_api.c:2048 [inline]\n tcf_action_add net/sched/act_api.c:2071 [inline]\n tc_ctl_action+0x146e/0x19d0 net/sched/act_api.c:2119\n rtnetlink_rcv_msg+0x1737/0x1900 net/core/rtnetlink.c:6595\n netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2559\n rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6613\n netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]\n netlink_unicast+0xf4c/0x1260 net/netlink/af_netlink.c:1361\n netlink_sendmsg+0x10df/0x11f0 net/netlink/af_netlink.c:1905\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:745\n ____sys_sendmsg+0x877/0xb60 net/socket.c:2584\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n __sys_sendmsg net/socket.c:2667 [inline]\n __do_sys_sendmsg net/socket.c:2676 [inline]\n __se_sys_sendmsg net/socket.c:2674 [inline]\n __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2674\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was stored to memory at:\n __nla_put lib/nlattr.c:1041 [inline]\n nla_put+0x1c6/0x230 lib/nlattr.c:1099\n tcf_skbmod_dump+0x23f/0xc20 net/sched/act_skbmod.c:256\n tcf_action_dump_old net/sched/act_api.c:1191 [inline]\n tcf_action_dump_1+0x85e/0x970 net/sched/act_api.c:1227\n tcf_action_dump+0x1fd/0x460 net/sched/act_api.c:1251\n tca_get_fill+0x519/0x7a0 net/sched/act_api.c:1628\n tcf_add_notify_msg net/sched/act_api.c:2023 [inline]\n tcf_add_notify net/sched/act_api.c:2042 [inline]\n tcf_action_add net/sched/act_api.c:2071 [inline]\n tc_ctl_action+0x1365/0x19d0 net/sched/act_api.c:2119\n rtnetlink_rcv_msg+0x1737/0x1900 net/core/rtnetlink.c:6595\n netlink_rcv_skb+0x375/0x650 net/netlink/af_netli\n---truncated---(CVE-2024-35893)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr\n\nAlthough ipv6_get_ifaddr walks inet6_addr_lst under the RCU lock, it\nstill means hlist_for_each_entry_rcu can return an item that got removed\nfrom the list. The memory itself of such item is not freed thanks to RCU\nbut nothing guarantees the actual content of the memory is sane.\n\nIn particular, the reference count can be zero. This can happen if\nipv6_del_addr is called in parallel. ipv6_del_addr removes the entry\nfrom inet6_addr_lst (hlist_del_init_rcu(&ifp->addr_lst)) and drops all\nreferences (__in6_ifa_put(ifp) + in6_ifa_put(ifp)). With bad enough\ntiming, this can happen:\n\n1. In ipv6_get_ifaddr, hlist_for_each_entry_rcu returns an entry.\n\n2. Then, the whole ipv6_del_addr is executed for the given entry. The\n reference count drops to zero and kfree_rcu is scheduled.\n\n3. ipv6_get_ifaddr continues and tries to increments the reference count\n (in6_ifa_hold).\n\n4. The rcu is unlocked and the entry is freed.\n\n5. The freed entry is returned.\n\nPrevent increasing of the reference count in such case. The name\nin6_ifa_hold_safe is chosen to mimic the existing fib6_info_hold_safe.\n\n[ 41.506330] refcount_t: addition on 0; use-after-free.\n[ 41.506760] WARNING: CPU: 0 PID: 595 at lib/refcount.c:25 refcount_warn_saturate+0xa5/0x130\n[ 41.507413] Modules linked in: veth bridge stp llc\n[ 41.507821] CPU: 0 PID: 595 Comm: python3 Not tainted 6.9.0-rc2.main-00208-g49563be82afa #14\n[ 41.508479] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n[ 41.509163] RIP: 0010:refcount_warn_saturate+0xa5/0x130\n[ 41.509586] Code: ad ff 90 0f 0b 90 90 c3 cc cc cc cc 80 3d c0 30 ad 01 00 75 a0 c6 05 b7 30 ad 01 01 90 48 c7 c7 38 cc 7a 8c e8 cc 18 ad ff 90 <0f> 0b 90 90 c3 cc cc cc cc 80 3d 98 30 ad 01 00 0f 85 75 ff ff ff\n[ 41.510956] RSP: 0018:ffffbda3c026baf0 EFLAGS: 00010282\n[ 41.511368] RAX: 0000000000000000 RBX: ffff9e9c46914800 RCX: 0000000000000000\n[ 41.511910] RDX: ffff9e9c7ec29c00 RSI: ffff9e9c7ec1c900 RDI: ffff9e9c7ec1c900\n[ 41.512445] RBP: ffff9e9c43660c9c R08: 0000000000009ffb R09: 00000000ffffdfff\n[ 41.512998] R10: 00000000ffffdfff R11: ffffffff8ca58a40 R12: ffff9e9c4339a000\n[ 41.513534] R13: 0000000000000001 R14: ffff9e9c438a0000 R15: ffffbda3c026bb48\n[ 41.514086] FS: 00007fbc4cda1740(0000) GS:ffff9e9c7ec00000(0000) knlGS:0000000000000000\n[ 41.514726] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 41.515176] CR2: 000056233b337d88 CR3: 000000000376e006 CR4: 0000000000370ef0\n[ 41.515713] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 41.516252] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 41.516799] Call Trace:\n[ 41.517037] <TASK>\n[ 41.517249] ? __warn+0x7b/0x120\n[ 41.517535] ? refcount_warn_saturate+0xa5/0x130\n[ 41.517923] ? report_bug+0x164/0x190\n[ 41.518240] ? handle_bug+0x3d/0x70\n[ 41.518541] ? exc_invalid_op+0x17/0x70\n[ 41.520972] ? asm_exc_invalid_op+0x1a/0x20\n[ 41.521325] ? refcount_warn_saturate+0xa5/0x130\n[ 41.521708] ipv6_get_ifaddr+0xda/0xe0\n[ 41.522035] inet6_rtm_getaddr+0x342/0x3f0\n[ 41.522376] ? __pfx_inet6_rtm_getaddr+0x10/0x10\n[ 41.522758] rtnetlink_rcv_msg+0x334/0x3d0\n[ 41.523102] ? netlink_unicast+0x30f/0x390\n[ 41.523445] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n[ 41.523832] netlink_rcv_skb+0x53/0x100\n[ 41.524157] netlink_unicast+0x23b/0x390\n[ 41.524484] netlink_sendmsg+0x1f2/0x440\n[ 41.524826] __sys_sendto+0x1d8/0x1f0\n[ 41.525145] __x64_sys_sendto+0x1f/0x30\n[ 41.525467] do_syscall_64+0xa5/0x1b0\n[ 41.525794] entry_SYSCALL_64_after_hwframe+0x72/0x7a\n[ 41.526213] RIP: 0033:0x7fbc4cfcea9a\n[ 41.526528] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89\n[ 41.527942] RSP: 002b:00007f\n---truncated---(CVE-2024-35969)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Fix TASK_SIZE on 64-bit NOMMU\n\nOn NOMMU, userspace memory can come from anywhere in physical RAM. The\ncurrent definition of TASK_SIZE is wrong if any RAM exists above 4G,\ncausing spurious failures in the userspace access routines.(CVE-2024-35988)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/arm/malidp: fix a possible null pointer dereference\n\nIn malidp_mw_connector_reset, new memory is allocated with kzalloc, but\nno check is performed. In order to prevent null pointer dereferencing,\nensure that mw_state is checked before calling\n__drm_atomic_helper_connector_reset.(CVE-2024-36014)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix missing memory barrier in tls_init\n\nIn tls_init(), a write memory barrier is missing, and store-store\nreordering may cause NULL dereference in tls_{setsockopt,getsockopt}.\n\nCPU0 CPU1\n----- -----\n// In tls_init()\n// In tls_ctx_create()\nctx = kzalloc()\nctx->sk_proto = READ_ONCE(sk->sk_prot) -(1)\n\n// In update_sk_prot()\nWRITE_ONCE(sk->sk_prot, tls_prots) -(2)\n\n // In sock_common_setsockopt()\n READ_ONCE(sk->sk_prot)->setsockopt()\n\n // In tls_{setsockopt,getsockopt}()\n ctx->sk_proto->setsockopt() -(3)\n\nIn the above scenario, when (1) and (2) are reordered, (3) can observe\nthe NULL value of ctx->sk_proto, causing NULL dereference.\n\nTo fix it, we rely on rcu_assign_pointer() which implies the release\nbarrier semantic. By moving rcu_assign_pointer() after ctx->sk_proto is\ninitialized, we can ensure that ctx->sk_proto are visible when\nchanging sk->sk_prot.(CVE-2024-36489)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nvirtio: delete vq in vp_find_vqs_msix() when request_irq() fails\n\nWhen request_irq() fails, error path calls vp_del_vqs(). There, as vq is\npresent in the list, free_irq() is called for the same vector. That\ncauses following splat:\n\n[ 0.414355] Trying to free already-free IRQ 27\n[ 0.414403] WARNING: CPU: 1 PID: 1 at kernel/irq/manage.c:1899 free_irq+0x1a1/0x2d0\n[ 0.414510] Modules linked in:\n[ 0.414540] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.9.0-rc4+ #27\n[ 0.414540] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014\n[ 0.414540] RIP: 0010:free_irq+0x1a1/0x2d0\n[ 0.414540] Code: 1e 00 48 83 c4 08 48 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 90 8b 74 24 04 48 c7 c7 98 80 6c b1 e8 00 c9 f7 ff 90 <0f> 0b 90 90 48 89 ee 4c 89 ef e8 e0 20 b8 00 49 8b 47 40 48 8b 40\n[ 0.414540] RSP: 0000:ffffb71480013ae0 EFLAGS: 00010086\n[ 0.414540] RAX: 0000000000000000 RBX: ffffa099c2722000 RCX: 0000000000000000\n[ 0.414540] RDX: 0000000000000000 RSI: ffffb71480013998 RDI: 0000000000000001\n[ 0.414540] RBP: 0000000000000246 R08: 00000000ffffdfff R09: 0000000000000001\n[ 0.414540] R10: 00000000ffffdfff R11: ffffffffb18729c0 R12: ffffa099c1c91760\n[ 0.414540] R13: ffffa099c1c916a4 R14: ffffa099c1d2f200 R15: ffffa099c1c91600\n[ 0.414540] FS: 0000000000000000(0000) GS:ffffa099fec40000(0000) knlGS:0000000000000000\n[ 0.414540] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 0.414540] CR2: 0000000000000000 CR3: 0000000008e3e001 CR4: 0000000000370ef0\n[ 0.414540] Call Trace:\n[ 0.414540] <TASK>\n[ 0.414540] ? __warn+0x80/0x120\n[ 0.414540] ? free_irq+0x1a1/0x2d0\n[ 0.414540] ? report_bug+0x164/0x190\n[ 0.414540] ? handle_bug+0x3b/0x70\n[ 0.414540] ? exc_invalid_op+0x17/0x70\n[ 0.414540] ? asm_exc_invalid_op+0x1a/0x20\n[ 0.414540] ? free_irq+0x1a1/0x2d0\n[ 0.414540] vp_del_vqs+0xc1/0x220\n[ 0.414540] vp_find_vqs_msix+0x305/0x470\n[ 0.414540] vp_find_vqs+0x3e/0x1a0\n[ 0.414540] vp_modern_find_vqs+0x1b/0x70\n[ 0.414540] init_vqs+0x387/0x600\n[ 0.414540] virtnet_probe+0x50a/0xc80\n[ 0.414540] virtio_dev_probe+0x1e0/0x2b0\n[ 0.414540] really_probe+0xc0/0x2c0\n[ 0.414540] ? __pfx___driver_attach+0x10/0x10\n[ 0.414540] __driver_probe_device+0x73/0x120\n[ 0.414540] driver_probe_device+0x1f/0xe0\n[ 0.414540] __driver_attach+0x88/0x180\n[ 0.414540] bus_for_each_dev+0x85/0xd0\n[ 0.414540] bus_add_driver+0xec/0x1f0\n[ 0.414540] driver_register+0x59/0x100\n[ 0.414540] ? __pfx_virtio_net_driver_init+0x10/0x10\n[ 0.414540] virtio_net_driver_init+0x90/0xb0\n[ 0.414540] do_one_initcall+0x58/0x230\n[ 0.414540] kernel_init_freeable+0x1a3/0x2d0\n[ 0.414540] ? __pfx_kernel_init+0x10/0x10\n[ 0.414540] kernel_init+0x1a/0x1c0\n[ 0.414540] ret_from_fork+0x31/0x50\n[ 0.414540] ? __pfx_kernel_init+0x10/0x10\n[ 0.414540] ret_from_fork_asm+0x1a/0x30\n[ 0.414540] </TASK>\n\nFix this by calling deleting the current vq when request_irq() fails.(CVE-2024-37353)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix crash on racing fsync and size-extending write into prealloc\n\nWe have been seeing crashes on duplicate keys in\nbtrfs_set_item_key_safe():\n\n BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192)\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/ctree.c:2620!\n invalid opcode: 0000 [#1] PREEMPT SMP PTI\n CPU: 0 PID: 3139 Comm: xfs_io Kdump: loaded Not tainted 6.9.0 #6\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\n RIP: 0010:btrfs_set_item_key_safe+0x11f/0x290 [btrfs]\n\nWith the following stack trace:\n\n #0 btrfs_set_item_key_safe (fs/btrfs/ctree.c:2620:4)\n #1 btrfs_drop_extents (fs/btrfs/file.c:411:4)\n #2 log_one_extent (fs/btrfs/tree-log.c:4732:9)\n #3 btrfs_log_changed_extents (fs/btrfs/tree-log.c:4955:9)\n #4 btrfs_log_inode (fs/btrfs/tree-log.c:6626:9)\n #5 btrfs_log_inode_parent (fs/btrfs/tree-log.c:7070:8)\n #6 btrfs_log_dentry_safe (fs/btrfs/tree-log.c:7171:8)\n #7 btrfs_sync_file (fs/btrfs/file.c:1933:8)\n #8 vfs_fsync_range (fs/sync.c:188:9)\n #9 vfs_fsync (fs/sync.c:202:9)\n #10 do_fsync (fs/sync.c:212:9)\n #11 __do_sys_fdatasync (fs/sync.c:225:9)\n #12 __se_sys_fdatasync (fs/sync.c:223:1)\n #13 __x64_sys_fdatasync (fs/sync.c:223:1)\n #14 do_syscall_x64 (arch/x86/entry/common.c:52:14)\n #15 do_syscall_64 (arch/x86/entry/common.c:83:7)\n #16 entry_SYSCALL_64+0xaf/0x14c (arch/x86/entry/entry_64.S:121)\n\nSo we're logging a changed extent from fsync, which is splitting an\nextent in the log tree. But this split part already exists in the tree,\ntriggering the BUG().\n\nThis is the state of the log tree at the time of the crash, dumped with\ndrgn (https://github.com/osandov/drgn/blob/main/contrib/btrfs_tree.py)\nto get more details than btrfs_print_leaf() gives us:\n\n >>> print_extent_buffer(prog.crashed_thread().stack_trace()[0][\"eb\"])\n leaf 33439744 level 0 items 72 generation 9 owner 18446744073709551610\n leaf 33439744 flags 0x100000000000000\n fs uuid e5bd3946-400c-4223-8923-190ef1f18677\n chunk uuid d58cb17e-6d02-494a-829a-18b7d8a399da\n item 0 key (450 INODE_ITEM 0) itemoff 16123 itemsize 160\n generation 7 transid 9 size 8192 nbytes 8473563889606862198\n block group 0 mode 100600 links 1 uid 0 gid 0 rdev 0\n sequence 204 flags 0x10(PREALLOC)\n atime 1716417703.220000000 (2024-05-22 15:41:43)\n ctime 1716417704.983333333 (2024-05-22 15:41:44)\n mtime 1716417704.983333333 (2024-05-22 15:41:44)\n otime 17592186044416.000000000 (559444-03-08 01:40:16)\n item 1 key (450 INODE_REF 256) itemoff 16110 itemsize 13\n index 195 namelen 3 name: 193\n item 2 key (450 XATTR_ITEM 1640047104) itemoff 16073 itemsize 37\n location key (0 UNKNOWN.0 0) type XATTR\n transid 7 data_len 1 name_len 6\n name: user.a\n data a\n item 3 key (450 EXTENT_DATA 0) itemoff 16020 itemsize 53\n generation 9 type 1 (regular)\n extent data disk byte 303144960 nr 12288\n extent data offset 0 nr 4096 ram 12288\n extent compression 0 (none)\n item 4 key (450 EXTENT_DATA 4096) itemoff 15967 itemsize 53\n generation 9 type 2 (prealloc)\n prealloc data disk byte 303144960 nr 12288\n prealloc data offset 4096 nr 8192\n item 5 key (450 EXTENT_DATA 8192) itemoff 15914 itemsize 53\n generation 9 type 2 (prealloc)\n prealloc data disk byte 303144960 nr 12288\n prealloc data offset 8192 nr 4096\n ...\n\nSo the real problem happened earlier: notice that items 4 (4k-12k) and 5\n(8k-12k) overlap. Both are prealloc extents. Item 4 straddles i_size and\nitem 5 starts at i_size.\n\nHere is the state of \n---truncated---(CVE-2024-37354)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: Fix uninit-value in nci_rx_work\n\nsyzbot reported the following uninit-value access issue [1]\n\nnci_rx_work() parses received packet from ndev->rx_q. It should be\nvalidated header size, payload size and total packet size before\nprocessing the packet. If an invalid packet is detected, it should be\nsilently discarded.(CVE-2024-38381)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmedia: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries\n\nThe allocation failure of mycs->yuv_scaler_binary in load_video_binaries()\nis followed with a dereference of mycs->yuv_scaler_binary after the\nfollowing call chain:\n\nsh_css_pipe_load_binaries()\n |-> load_video_binaries(mycs->yuv_scaler_binary == NULL)\n |\n |-> sh_css_pipe_unload_binaries()\n |-> unload_video_binaries()\n\nIn unload_video_binaries(), it calls to ia_css_binary_unload with argument\n&pipe->pipe_settings.video.yuv_scaler_binary[i], which refers to the\nsame memory slot as mycs->yuv_scaler_binary. Thus, a null-pointer\ndereference is triggered.(CVE-2024-38547)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix potential index out of bounds in color transformation function\n\nFixes index out of bounds issue in the color transformation function.\nThe issue could occur when the index 'i' exceeds the number of transfer\nfunction points (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure 'i' is within bounds before accessing the\ntransfer function points. If 'i' is out of bounds, an error message is\nlogged and the function returns false to indicate an error.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:405 cm_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:406 cm_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:407 cm_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max(CVE-2024-38552)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix reference count leak issue of net_device\n\nThere is a reference count leak issue of the object \"net_device\" in\nax25_dev_device_down(). When the ax25 device is shutting down, the\nax25_dev_device_down() drops the reference count of net_device one\nor zero times depending on if we goto unlock_put or not, which will\ncause memory leak.\n\nIn order to solve the above issue, decrease the reference count of\nnet_device after dev->ax25_ptr is set to null.(CVE-2024-38554)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nrcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow\n\nThere is a possibility of buffer overflow in\nshow_rcu_tasks_trace_gp_kthread() if counters, passed\nto sprintf() are huge. Counter numbers, needed for this\nare unrealistically high, but buffer overflow is still\npossible.\n\nUse snprintf() with buffer size instead of sprintf().\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.(CVE-2024-38577)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: bcm - Fix pointer arithmetic\n\nIn spu2_dump_omd() value of ptr is increased by ciph_key_len\ninstead of hash_iv_len which could lead to going beyond the\nbuffer boundaries.\nFix this bug by changing ciph_key_len to hash_iv_len.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.(CVE-2024-38579)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential hang in nilfs_detach_log_writer()\n\nSyzbot has reported a potential hang in nilfs_detach_log_writer() called\nduring nilfs2 unmount.\n\nAnalysis revealed that this is because nilfs_segctor_sync(), which\nsynchronizes with the log writer thread, can be called after\nnilfs_segctor_destroy() terminates that thread, as shown in the call trace\nbelow:\n\nnilfs_detach_log_writer\n nilfs_segctor_destroy\n nilfs_segctor_kill_thread --> Shut down log writer thread\n flush_work\n nilfs_iput_work_func\n nilfs_dispose_list\n iput\n nilfs_evict_inode\n nilfs_transaction_commit\n nilfs_construct_segment (if inode needs sync)\n nilfs_segctor_sync --> Attempt to synchronize with\n log writer thread\n *** DEADLOCK ***\n\nFix this issue by changing nilfs_segctor_sync() so that the log writer\nthread returns normally without synchronizing after it terminates, and by\nforcing tasks that are already waiting to complete once after the thread\nterminates.\n\nThe skipped inode metadata flushout will then be processed together in the\nsubsequent cleanup work in nilfs_segctor_destroy().(CVE-2024-38582)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix use-after-free of timer for log writer thread\n\nPatch series \"nilfs2: fix log writer related issues\".\n\nThis bug fix series covers three nilfs2 log writer-related issues,\nincluding a timer use-after-free issue and potential deadlock issue on\nunmount, and a potential freeze issue in event synchronization found\nduring their analysis. Details are described in each commit log.\n\n\nThis patch (of 3):\n\nA use-after-free issue has been reported regarding the timer sc_timer on\nthe nilfs_sc_info structure.\n\nThe problem is that even though it is used to wake up a sleeping log\nwriter thread, sc_timer is not shut down until the nilfs_sc_info structure\nis about to be freed, and is used regardless of the thread's lifetime.\n\nFix this issue by limiting the use of sc_timer only while the log writer\nthread is alive.(CVE-2024-38583)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Modify the print level of CQE error\n\nToo much print may lead to a panic in kernel. Change ibdev_err() to\nibdev_err_ratelimited(), and change the printing level of cqe dump\nto debug level.(CVE-2024-38590)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix resync softlockup when bitmap size is less than array size\n\nIs is reported that for dm-raid10, lvextend + lvchange --syncaction will\ntrigger following softlockup:\n\nkernel:watchdog: BUG: soft lockup - CPU#3 stuck for 26s! [mdX_resync:6976]\nCPU: 7 PID: 3588 Comm: mdX_resync Kdump: loaded Not tainted 6.9.0-rc4-next-20240419 #1\nRIP: 0010:_raw_spin_unlock_irq+0x13/0x30\nCall Trace:\n <TASK>\n md_bitmap_start_sync+0x6b/0xf0\n raid10_sync_request+0x25c/0x1b40 [raid10]\n md_do_sync+0x64b/0x1020\n md_thread+0xa7/0x170\n kthread+0xcf/0x100\n ret_from_fork+0x30/0x50\n ret_from_fork_asm+0x1a/0x30\n\nAnd the detailed process is as follows:\n\nmd_do_sync\n j = mddev->resync_min\n while (j < max_sectors)\n sectors = raid10_sync_request(mddev, j, &skipped)\n if (!md_bitmap_start_sync(..., &sync_blocks))\n // md_bitmap_start_sync set sync_blocks to 0\n return sync_blocks + sectors_skippe;\n // sectors = 0;\n j += sectors;\n // j never change\n\nRoot cause is that commit 301867b1c168 (\"md/raid10: check\nslab-out-of-bounds in md_bitmap_get_counter\") return early from\nmd_bitmap_get_counter(), without setting returned blocks.\n\nFix this problem by always set returned blocks from\nmd_bitmap_get_counter\"(), as it used to be.\n\nNoted that this patch just fix the softlockup problem in kernel, the\ncase that bitmap size doesn't match array size still need to be fixed.(CVE-2024-38598)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix reference count leak issues of ax25_dev\n\nThe ax25_addr_ax25dev() and ax25_dev_device_down() exist a reference\ncount leak issue of the object \"ax25_dev\".\n\nMemory leak issue in ax25_addr_ax25dev():\n\nThe reference count of the object \"ax25_dev\" can be increased multiple\ntimes in ax25_addr_ax25dev(). This will cause a memory leak.\n\nMemory leak issues in ax25_dev_device_down():\n\nThe reference count of ax25_dev is set to 1 in ax25_dev_device_up() and\nthen increase the reference count when ax25_dev is added to ax25_dev_list.\nAs a result, the reference count of ax25_dev is 2. But when the device is\nshutting down. The ax25_dev_device_down() drops the reference count once\nor twice depending on if we goto unlock_put or not, which will cause\nmemory leak.\n\nAs for the issue of ax25_addr_ax25dev(), it is impossible for one pointer\nto be on a list twice. So add a break in ax25_addr_ax25dev(). As for the\nissue of ax25_dev_device_down(), increase the reference count of ax25_dev\nonce in ax25_dev_device_up() and decrease the reference count of ax25_dev\nafter it is removed from the ax25_dev_list.(CVE-2024-38602)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/perf: hisi: hns3: Actually use devm_add_action_or_reset()\n\npci_alloc_irq_vectors() allocates an irq vector. When devm_add_action()\nfails, the irq vector is not freed, which leads to a memory leak.\n\nReplace the devm_add_action with devm_add_action_or_reset to ensure\nthe irq vector can be destroyed when it fails.(CVE-2024-38603)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: exit() callback is optional\n\nThe exit() callback is optional and shouldn't be called without checking\na valid pointer first.\n\nAlso, we must clear freq_table pointer even if the exit() callback isn't\npresent.(CVE-2024-38615)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmedia: stk1160: fix bounds checking in stk1160_copy_video()\n\nThe subtract in this condition is reversed. The ->length is the length\nof the buffer. The ->bytesused is how many bytes we have copied thus\nfar. When the condition is reversed that means the result of the\nsubtraction is always negative but since it's unsigned then the result\nis a very high positive value. That means the overflow check is never\ntrue.\n\nAdditionally, the ->bytesused doesn't actually work for this purpose\nbecause we're not writing to \"buf->mem + buf->bytesused\". Instead, the\nmath to calculate the destination where we are writing is a bit\ninvolved. You calculate the number of full lines already written,\nmultiply by two, skip a line if necessary so that we start on an odd\nnumbered line, and add the offset into the line.\n\nTo fix this buffer overflow, just take the actual destination where we\nare writing, if the offset is already out of bounds print an error and\nreturn. Otherwise, write up to buf->length bytes.(CVE-2024-38621)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Use variable length array instead of fixed size\n\nShould fix smatch warning:\n\tntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256)(CVE-2024-38623)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Check 'folio' pointer for NULL\n\nIt can be NULL if bmap is called.(CVE-2024-38625)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nserial: max3100: Update uart_driver_registered on driver removal\n\nThe removal of the last MAX3100 device triggers the removal of\nthe driver. However, code doesn't update the respective global\nvariable and after insmod — rmmod — insmod cycle the kernel\noopses:\n\n max3100 spi-PRP0001:01: max3100_probe: adding port 0\n BUG: kernel NULL pointer dereference, address: 0000000000000408\n ...\n RIP: 0010:serial_core_register_port+0xa0/0x840\n ...\n max3100_probe+0x1b6/0x280 [max3100]\n spi_probe+0x8d/0xb0\n\nUpdate the actual state so next time UART driver will be registered\nagain.\n\nHugo also noticed, that the error path in the probe also affected\nby having the variable set, and not cleared. Instead of clearing it\nmove the assignment after the successfull uart_register_driver() call.(CVE-2024-38633)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nserial: max3100: Lock port->lock when calling uart_handle_cts_change()\n\nuart_handle_cts_change() has to be called with port lock taken,\nSince we run it in a separate work, the lock may not be taken at\nthe time of running. Make sure that it's taken by explicitly doing\nthat. Without it we got a splat:\n\n WARNING: CPU: 0 PID: 10 at drivers/tty/serial/serial_core.c:3491 uart_handle_cts_change+0xa6/0xb0\n ...\n Workqueue: max3100-0 max3100_work [max3100]\n RIP: 0010:uart_handle_cts_change+0xa6/0xb0\n ...\n max3100_handlerx+0xc5/0x110 [max3100]\n max3100_work+0x12a/0x340 [max3100](CVE-2024-38634)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ngreybus: lights: check return of get_channel_from_mode\n\nIf channel for the given node is not found we return null from\nget_channel_from_mode. Make sure we validate the return pointer\nbefore using it in two of the missing places.\n\nThis was originally reported in [0]:\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[0] https://lore.kernel.org/all/20240301190425.120605-1-m.lobanov@rosalinux.ru(CVE-2024-38637)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf/sw-sync: don't enable IRQ from sync_print_obj()\n\nSince commit a6aa8fca4d79 (\"dma-buf/sw-sync: Reduce irqsave/irqrestore from\nknown context\") by error replaced spin_unlock_irqrestore() with\nspin_unlock_irq() for both sync_debugfs_show() and sync_print_obj() despite\nsync_print_obj() is called from sync_debugfs_show(), lockdep complains\ninconsistent lock state warning.\n\nUse plain spin_{lock,unlock}() for sync_print_obj(), for\nsync_debugfs_show() is already using spin_{lock,unlock}_irq().(CVE-2024-38780)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/9p: fix uninit-value in p9_client_rpc()\n\nSyzbot with the help of KMSAN reported the following error:\n\nBUG: KMSAN: uninit-value in trace_9p_client_res include/trace/events/9p.h:146 [inline]\nBUG: KMSAN: uninit-value in p9_client_rpc+0x1314/0x1340 net/9p/client.c:754\n trace_9p_client_res include/trace/events/9p.h:146 [inline]\n p9_client_rpc+0x1314/0x1340 net/9p/client.c:754\n p9_client_create+0x1551/0x1ff0 net/9p/client.c:1031\n v9fs_session_init+0x1b9/0x28e0 fs/9p/v9fs.c:410\n v9fs_mount+0xe2/0x12b0 fs/9p/vfs_super.c:122\n legacy_get_tree+0x114/0x290 fs/fs_context.c:662\n vfs_get_tree+0xa7/0x570 fs/super.c:1797\n do_new_mount+0x71f/0x15e0 fs/namespace.c:3352\n path_mount+0x742/0x1f20 fs/namespace.c:3679\n do_mount fs/namespace.c:3692 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x725/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x150 fs/namespace.c:3875\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was created at:\n __alloc_pages+0x9d6/0xe70 mm/page_alloc.c:4598\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n alloc_slab_page mm/slub.c:2175 [inline]\n allocate_slab mm/slub.c:2338 [inline]\n new_slab+0x2de/0x1400 mm/slub.c:2391\n ___slab_alloc+0x1184/0x33d0 mm/slub.c:3525\n __slab_alloc mm/slub.c:3610 [inline]\n __slab_alloc_node mm/slub.c:3663 [inline]\n slab_alloc_node mm/slub.c:3835 [inline]\n kmem_cache_alloc+0x6d3/0xbe0 mm/slub.c:3852\n p9_tag_alloc net/9p/client.c:278 [inline]\n p9_client_prepare_req+0x20a/0x1770 net/9p/client.c:641\n p9_client_rpc+0x27e/0x1340 net/9p/client.c:688\n p9_client_create+0x1551/0x1ff0 net/9p/client.c:1031\n v9fs_session_init+0x1b9/0x28e0 fs/9p/v9fs.c:410\n v9fs_mount+0xe2/0x12b0 fs/9p/vfs_super.c:122\n legacy_get_tree+0x114/0x290 fs/fs_context.c:662\n vfs_get_tree+0xa7/0x570 fs/super.c:1797\n do_new_mount+0x71f/0x15e0 fs/namespace.c:3352\n path_mount+0x742/0x1f20 fs/namespace.c:3679\n do_mount fs/namespace.c:3692 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x725/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x150 fs/namespace.c:3875\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nIf p9_check_errors() fails early in p9_client_rpc(), req->rc.tag\nwill not be properly initialized. However, trace_9p_client_res()\nends up trying to print it out anyway before p9_client_rpc()\nfinishes.\n\nFix this issue by assigning default values to p9_fcall fields\nsuch as 'tag' and (just in case KMSAN unearths something new) 'id'\nduring the tag allocation stage.(CVE-2024-39301)\n\nRejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.(CVE-2024-39362)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()\n\nsyzbot reports a kernel bug as below:\n\nF2FS-fs (loop0): Mounted with checkpoint version = 48b305e4\n==================================================================\nBUG: KASAN: slab-out-of-bounds in f2fs_test_bit fs/f2fs/f2fs.h:2933 [inline]\nBUG: KASAN: slab-out-of-bounds in current_nat_addr fs/f2fs/node.h:213 [inline]\nBUG: KASAN: slab-out-of-bounds in f2fs_get_node_info+0xece/0x1200 fs/f2fs/node.c:600\nRead of size 1 at addr ffff88807a58c76c by task syz-executor280/5076\n\nCPU: 1 PID: 5076 Comm: syz-executor280 Not tainted 6.9.0-rc5-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n f2fs_test_bit fs/f2fs/f2fs.h:2933 [inline]\n current_nat_addr fs/f2fs/node.h:213 [inline]\n f2fs_get_node_info+0xece/0x1200 fs/f2fs/node.c:600\n f2fs_xattr_fiemap fs/f2fs/data.c:1848 [inline]\n f2fs_fiemap+0x55d/0x1ee0 fs/f2fs/data.c:1925\n ioctl_fiemap fs/ioctl.c:220 [inline]\n do_vfs_ioctl+0x1c07/0x2e50 fs/ioctl.c:838\n __do_sys_ioctl fs/ioctl.c:902 [inline]\n __se_sys_ioctl+0x81/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe root cause is we missed to do sanity check on i_xattr_nid during\nf2fs_iget(), so that in fiemap() path, current_nat_addr() will access\nnat_bitmap w/ offset from invalid i_xattr_nid, result in triggering\nkasan bug report, fix it.(CVE-2024-39467)",
|
|
"category":"general",
|
|
"title":"Description"
|
|
},
|
|
{
|
|
"text":"An update for kernel is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
|
|
"category":"general",
|
|
"title":"Topic"
|
|
},
|
|
{
|
|
"text":"Critical",
|
|
"category":"general",
|
|
"title":"Severity"
|
|
},
|
|
{
|
|
"text":"kernel",
|
|
"category":"general",
|
|
"title":"Affected Component"
|
|
}
|
|
],
|
|
"publisher":{
|
|
"issuing_authority":"openEuler security committee",
|
|
"name":"openEuler",
|
|
"namespace":"https://www.openeuler.org",
|
|
"contact_details":"openeuler-security@openeuler.org",
|
|
"category":"vendor"
|
|
},
|
|
"references":[
|
|
{
|
|
"summary":"openEuler-SA-2024-1839",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
},
|
|
{
|
|
"summary":"CVE-2021-47381",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-47381&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2021-47618",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-47618&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2022-48733",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48733&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2022-48744",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48744&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2022-48765",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48765&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2022-48772",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48772&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2023-52833",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-52833&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-31076",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-31076&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-35879",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-35879&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-35893",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-35893&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-35969",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-35969&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-35988",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-35988&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-36014",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36014&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-36489",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36489&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-37353",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-37353&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-37354",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-37354&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-38381",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38381&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-38547",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38547&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-38552",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38552&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-38554",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38554&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-38577",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38577&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-38579",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38579&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-38582",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38582&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-38583",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38583&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-38590",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38590&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-38598",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38598&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-38602",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38602&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-38603",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38603&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-38615",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38615&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-38621",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38621&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-38623",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38623&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-38625",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38625&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-38633",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38633&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-38634",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38634&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-38637",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38637&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-38780",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38780&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-39301",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39301&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-39362",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39362&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"CVE-2024-39467",
|
|
"category":"self",
|
|
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39467&packageName=kernel"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-47381"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-47618"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48733"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48744"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48765"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48772"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52833"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-31076"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-35879"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-35893"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-35969"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-35988"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36014"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36489"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37353"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37354"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38381"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38547"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38552"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38554"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38577"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38579"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38582"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38583"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38590"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38598"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38602"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38603"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38615"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38621"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38623"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38625"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38633"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38634"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38637"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38780"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39301"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39362"
|
|
},
|
|
{
|
|
"summary":"nvd cve",
|
|
"category":"external",
|
|
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39467"
|
|
},
|
|
{
|
|
"summary":"openEuler-SA-2024-1839 vex file",
|
|
"category":"self",
|
|
"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1839.json"
|
|
}
|
|
],
|
|
"title":"An update for kernel is now available for openEuler-22.03-LTS-SP3",
|
|
"tracking":{
|
|
"initial_release_date":"2024-07-12T22:52:20+08:00",
|
|
"revision_history":[
|
|
{
|
|
"date":"2024-07-12T22:52:20+08:00",
|
|
"summary":"Initial",
|
|
"number":"1.0.0"
|
|
}
|
|
],
|
|
"generator":{
|
|
"date":"2024-07-12T22:52:20+08:00",
|
|
"engine":{
|
|
"name":"openEuler CSAF Tool V1.0"
|
|
}
|
|
},
|
|
"current_release_date":"2024-07-12T22:52:20+08:00",
|
|
"id":"openEuler-SA-2024-1839",
|
|
"version":"1.0.0",
|
|
"status":"final"
|
|
}
|
|
},
|
|
"product_tree":{
|
|
"branches":[
|
|
{
|
|
"name":"openEuler",
|
|
"category":"vendor",
|
|
"branches":[
|
|
{
|
|
"name":"openEuler",
|
|
"branches":[
|
|
{
|
|
"product":{
|
|
"product_identification_helper":{
|
|
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
|
|
},
|
|
"product_id":"openEuler-22.03-LTS-SP3",
|
|
"name":"openEuler-22.03-LTS-SP3"
|
|
},
|
|
"name":"openEuler-22.03-LTS-SP3",
|
|
"category":"product_version"
|
|
}
|
|
],
|
|
"category":"product_name"
|
|
},
|
|
{
|
|
"name":"x86_64",
|
|
"branches":[
|
|
{
|
|
"product":{
|
|
"product_identification_helper":{
|
|
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
|
|
},
|
|
"product_id":"kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"name":"kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm"
|
|
},
|
|
"name":"kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"category":"product_version"
|
|
},
|
|
{
|
|
"product":{
|
|
"product_identification_helper":{
|
|
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
|
|
},
|
|
"product_id":"kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"name":"kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm"
|
|
},
|
|
"name":"kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"category":"product_version"
|
|
},
|
|
{
|
|
"product":{
|
|
"product_identification_helper":{
|
|
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
|
|
},
|
|
"product_id":"kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"name":"kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm"
|
|
},
|
|
"name":"kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"category":"product_version"
|
|
},
|
|
{
|
|
"product":{
|
|
"product_identification_helper":{
|
|
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
|
|
},
|
|
"product_id":"kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"name":"kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm"
|
|
},
|
|
"name":"kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"category":"product_version"
|
|
},
|
|
{
|
|
"product":{
|
|
"product_identification_helper":{
|
|
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
|
|
},
|
|
"product_id":"kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"name":"kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm"
|
|
},
|
|
"name":"kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"category":"product_version"
|
|
},
|
|
{
|
|
"product":{
|
|
"product_identification_helper":{
|
|
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
|
|
},
|
|
"product_id":"kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"name":"kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm"
|
|
},
|
|
"name":"kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"category":"product_version"
|
|
},
|
|
{
|
|
"product":{
|
|
"product_identification_helper":{
|
|
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
|
|
},
|
|
"product_id":"kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"name":"kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm"
|
|
},
|
|
"name":"kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"category":"product_version"
|
|
},
|
|
{
|
|
"product":{
|
|
"product_identification_helper":{
|
|
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
|
|
},
|
|
"product_id":"kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"name":"kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm"
|
|
},
|
|
"name":"kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"category":"product_version"
|
|
},
|
|
{
|
|
"product":{
|
|
"product_identification_helper":{
|
|
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
|
|
},
|
|
"product_id":"kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"name":"kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm"
|
|
},
|
|
"name":"kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"category":"product_version"
|
|
},
|
|
{
|
|
"product":{
|
|
"product_identification_helper":{
|
|
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
|
|
},
|
|
"product_id":"perf-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"name":"perf-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm"
|
|
},
|
|
"name":"perf-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"category":"product_version"
|
|
},
|
|
{
|
|
"product":{
|
|
"product_identification_helper":{
|
|
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
|
|
},
|
|
"product_id":"perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"name":"perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm"
|
|
},
|
|
"name":"perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"category":"product_version"
|
|
},
|
|
{
|
|
"product":{
|
|
"product_identification_helper":{
|
|
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
|
|
},
|
|
"product_id":"python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"name":"python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm"
|
|
},
|
|
"name":"python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"category":"product_version"
|
|
},
|
|
{
|
|
"product":{
|
|
"product_identification_helper":{
|
|
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
|
|
},
|
|
"product_id":"python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"name":"python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm"
|
|
},
|
|
"name":"python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"category":"product_version"
|
|
}
|
|
],
|
|
"category":"product_name"
|
|
},
|
|
{
|
|
"name":"aarch64",
|
|
"branches":[
|
|
{
|
|
"product":{
|
|
"product_identification_helper":{
|
|
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
|
|
},
|
|
"product_id":"kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"name":"kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm"
|
|
},
|
|
"name":"kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"category":"product_version"
|
|
},
|
|
{
|
|
"product":{
|
|
"product_identification_helper":{
|
|
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
|
|
},
|
|
"product_id":"kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"name":"kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm"
|
|
},
|
|
"name":"kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"category":"product_version"
|
|
},
|
|
{
|
|
"product":{
|
|
"product_identification_helper":{
|
|
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
|
|
},
|
|
"product_id":"kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"name":"kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm"
|
|
},
|
|
"name":"kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"category":"product_version"
|
|
},
|
|
{
|
|
"product":{
|
|
"product_identification_helper":{
|
|
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
|
|
},
|
|
"product_id":"kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"name":"kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm"
|
|
},
|
|
"name":"kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"category":"product_version"
|
|
},
|
|
{
|
|
"product":{
|
|
"product_identification_helper":{
|
|
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
|
|
},
|
|
"product_id":"kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"name":"kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm"
|
|
},
|
|
"name":"kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"category":"product_version"
|
|
},
|
|
{
|
|
"product":{
|
|
"product_identification_helper":{
|
|
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
|
|
},
|
|
"product_id":"kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"name":"kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm"
|
|
},
|
|
"name":"kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"category":"product_version"
|
|
},
|
|
{
|
|
"product":{
|
|
"product_identification_helper":{
|
|
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
|
|
},
|
|
"product_id":"kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"name":"kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm"
|
|
},
|
|
"name":"kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"category":"product_version"
|
|
},
|
|
{
|
|
"product":{
|
|
"product_identification_helper":{
|
|
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
|
|
},
|
|
"product_id":"kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"name":"kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm"
|
|
},
|
|
"name":"kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"category":"product_version"
|
|
},
|
|
{
|
|
"product":{
|
|
"product_identification_helper":{
|
|
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
|
|
},
|
|
"product_id":"kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"name":"kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm"
|
|
},
|
|
"name":"kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"category":"product_version"
|
|
},
|
|
{
|
|
"product":{
|
|
"product_identification_helper":{
|
|
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
|
|
},
|
|
"product_id":"perf-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"name":"perf-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm"
|
|
},
|
|
"name":"perf-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"category":"product_version"
|
|
},
|
|
{
|
|
"product":{
|
|
"product_identification_helper":{
|
|
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
|
|
},
|
|
"product_id":"perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"name":"perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm"
|
|
},
|
|
"name":"perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"category":"product_version"
|
|
},
|
|
{
|
|
"product":{
|
|
"product_identification_helper":{
|
|
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
|
|
},
|
|
"product_id":"python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"name":"python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm"
|
|
},
|
|
"name":"python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"category":"product_version"
|
|
},
|
|
{
|
|
"product":{
|
|
"product_identification_helper":{
|
|
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
|
|
},
|
|
"product_id":"python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"name":"python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm"
|
|
},
|
|
"name":"python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"category":"product_version"
|
|
}
|
|
],
|
|
"category":"product_name"
|
|
},
|
|
{
|
|
"name":"src",
|
|
"branches":[
|
|
{
|
|
"product":{
|
|
"product_identification_helper":{
|
|
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
|
|
},
|
|
"product_id":"kernel-5.10.0-218.0.0.121.oe2203sp3.src.rpm",
|
|
"name":"kernel-5.10.0-218.0.0.121.oe2203sp3.src.rpm"
|
|
},
|
|
"name":"kernel-5.10.0-218.0.0.121.oe2203sp3.src.rpm",
|
|
"category":"product_version"
|
|
}
|
|
],
|
|
"category":"product_name"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"relationships":[
|
|
{
|
|
"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
|
|
"product_reference":"kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"full_product_name":{
|
|
"product_id":"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"name":"kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
|
|
},
|
|
"category":"default_component_of"
|
|
},
|
|
{
|
|
"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
|
|
"product_reference":"kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"full_product_name":{
|
|
"product_id":"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"name":"kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
|
|
},
|
|
"category":"default_component_of"
|
|
},
|
|
{
|
|
"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
|
|
"product_reference":"kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"full_product_name":{
|
|
"product_id":"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"name":"kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
|
|
},
|
|
"category":"default_component_of"
|
|
},
|
|
{
|
|
"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
|
|
"product_reference":"kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"full_product_name":{
|
|
"product_id":"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"name":"kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
|
|
},
|
|
"category":"default_component_of"
|
|
},
|
|
{
|
|
"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
|
|
"product_reference":"kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"full_product_name":{
|
|
"product_id":"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"name":"kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
|
|
},
|
|
"category":"default_component_of"
|
|
},
|
|
{
|
|
"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
|
|
"product_reference":"kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"full_product_name":{
|
|
"product_id":"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"name":"kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
|
|
},
|
|
"category":"default_component_of"
|
|
},
|
|
{
|
|
"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
|
|
"product_reference":"kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"full_product_name":{
|
|
"product_id":"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"name":"kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
|
|
},
|
|
"category":"default_component_of"
|
|
},
|
|
{
|
|
"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
|
|
"product_reference":"kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"full_product_name":{
|
|
"product_id":"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"name":"kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
|
|
},
|
|
"category":"default_component_of"
|
|
},
|
|
{
|
|
"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
|
|
"product_reference":"kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"full_product_name":{
|
|
"product_id":"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"name":"kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
|
|
},
|
|
"category":"default_component_of"
|
|
},
|
|
{
|
|
"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
|
|
"product_reference":"perf-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"full_product_name":{
|
|
"product_id":"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"name":"perf-5.10.0-218.0.0.121.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
|
|
},
|
|
"category":"default_component_of"
|
|
},
|
|
{
|
|
"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
|
|
"product_reference":"perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"full_product_name":{
|
|
"product_id":"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"name":"perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
|
|
},
|
|
"category":"default_component_of"
|
|
},
|
|
{
|
|
"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
|
|
"product_reference":"python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"full_product_name":{
|
|
"product_id":"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"name":"python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
|
|
},
|
|
"category":"default_component_of"
|
|
},
|
|
{
|
|
"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
|
|
"product_reference":"python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64.rpm",
|
|
"full_product_name":{
|
|
"product_id":"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"name":"python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
|
|
},
|
|
"category":"default_component_of"
|
|
},
|
|
{
|
|
"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
|
|
"product_reference":"kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"full_product_name":{
|
|
"product_id":"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"name":"kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
|
|
},
|
|
"category":"default_component_of"
|
|
},
|
|
{
|
|
"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
|
|
"product_reference":"kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"full_product_name":{
|
|
"product_id":"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"name":"kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
|
|
},
|
|
"category":"default_component_of"
|
|
},
|
|
{
|
|
"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
|
|
"product_reference":"kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"full_product_name":{
|
|
"product_id":"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"name":"kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
|
|
},
|
|
"category":"default_component_of"
|
|
},
|
|
{
|
|
"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
|
|
"product_reference":"kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"full_product_name":{
|
|
"product_id":"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"name":"kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
|
|
},
|
|
"category":"default_component_of"
|
|
},
|
|
{
|
|
"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
|
|
"product_reference":"kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"full_product_name":{
|
|
"product_id":"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"name":"kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
|
|
},
|
|
"category":"default_component_of"
|
|
},
|
|
{
|
|
"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
|
|
"product_reference":"kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"full_product_name":{
|
|
"product_id":"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"name":"kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
|
|
},
|
|
"category":"default_component_of"
|
|
},
|
|
{
|
|
"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
|
|
"product_reference":"kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"full_product_name":{
|
|
"product_id":"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"name":"kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
|
|
},
|
|
"category":"default_component_of"
|
|
},
|
|
{
|
|
"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
|
|
"product_reference":"kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"full_product_name":{
|
|
"product_id":"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"name":"kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
|
|
},
|
|
"category":"default_component_of"
|
|
},
|
|
{
|
|
"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
|
|
"product_reference":"kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"full_product_name":{
|
|
"product_id":"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"name":"kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
|
|
},
|
|
"category":"default_component_of"
|
|
},
|
|
{
|
|
"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
|
|
"product_reference":"perf-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"full_product_name":{
|
|
"product_id":"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"name":"perf-5.10.0-218.0.0.121.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
|
|
},
|
|
"category":"default_component_of"
|
|
},
|
|
{
|
|
"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
|
|
"product_reference":"perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"full_product_name":{
|
|
"product_id":"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"name":"perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
|
|
},
|
|
"category":"default_component_of"
|
|
},
|
|
{
|
|
"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
|
|
"product_reference":"python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"full_product_name":{
|
|
"product_id":"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"name":"python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
|
|
},
|
|
"category":"default_component_of"
|
|
},
|
|
{
|
|
"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
|
|
"product_reference":"python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64.rpm",
|
|
"full_product_name":{
|
|
"product_id":"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"name":"python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
|
|
},
|
|
"category":"default_component_of"
|
|
},
|
|
{
|
|
"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
|
|
"product_reference":"kernel-5.10.0-218.0.0.121.oe2203sp3.src.rpm",
|
|
"full_product_name":{
|
|
"product_id":"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src",
|
|
"name":"kernel-5.10.0-218.0.0.121.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3"
|
|
},
|
|
"category":"default_component_of"
|
|
}
|
|
]
|
|
},
|
|
"vulnerabilities":[
|
|
{
|
|
"cve":"CVE-2021-47381",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Fix DSP oops stack dump output contents\n\nFix @buf arg given to hex_dump_to_buffer() and stack address used\nin dump error output.",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":5.5,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2021-47381"
|
|
},
|
|
{
|
|
"cve":"CVE-2021-47618",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nARM: 9170/1: fix panic when kasan and kprobe are enabled\n\narm32 uses software to simulate the instruction replaced\nby kprobe. some instructions may be simulated by constructing\nassembly functions. therefore, before executing instruction\nsimulation, it is necessary to construct assembly function\nexecution environment in C language through binding registers.\nafter kasan is enabled, the register binding relationship will\nbe destroyed, resulting in instruction simulation errors and\ncausing kernel panic.\n\nthe kprobe emulate instruction function is distributed in three\nfiles: actions-common.c actions-arm.c actions-thumb.c, so disable\nKASAN when compiling these files.\n\nfor example, use kprobe insert on cap_capable+20 after kasan\nenabled, the cap_capable assembly code is as follows:\n<cap_capable>:\ne92d47f0\tpush\t{r4, r5, r6, r7, r8, r9, sl, lr}\ne1a05000\tmov\tr5, r0\ne280006c\tadd\tr0, r0, #108 ; 0x6c\ne1a04001\tmov\tr4, r1\ne1a06002\tmov\tr6, r2\ne59fa090\tldr\tsl, [pc, #144] ;\nebfc7bf8\tbl\tc03aa4b4 <__asan_load4>\ne595706c\tldr\tr7, [r5, #108] ; 0x6c\ne2859014\tadd\tr9, r5, #20\n......\nThe emulate_ldr assembly code after enabling kasan is as follows:\nc06f1384 <emulate_ldr>:\ne92d47f0\tpush\t{r4, r5, r6, r7, r8, r9, sl, lr}\ne282803c\tadd\tr8, r2, #60 ; 0x3c\ne1a05000\tmov\tr5, r0\ne7e37855\tubfx\tr7, r5, #16, #4\ne1a00008\tmov\tr0, r8\ne1a09001\tmov\tr9, r1\ne1a04002\tmov\tr4, r2\nebf35462\tbl\tc03c6530 <__asan_load4>\ne357000f\tcmp\tr7, #15\ne7e36655\tubfx\tr6, r5, #12, #4\ne205a00f\tand\tsl, r5, #15\n0a000001\tbeq\tc06f13bc <emulate_ldr+0x38>\ne0840107\tadd\tr0, r4, r7, lsl #2\nebf3545c\tbl\tc03c6530 <__asan_load4>\ne084010a\tadd\tr0, r4, sl, lsl #2\nebf3545a\tbl\tc03c6530 <__asan_load4>\ne2890010\tadd\tr0, r9, #16\nebf35458\tbl\tc03c6530 <__asan_load4>\ne5990010\tldr\tr0, [r9, #16]\ne12fff30\tblx\tr0\ne356000f\tcm\tr6, #15\n1a000014\tbne\tc06f1430 <emulate_ldr+0xac>\ne1a06000\tmov\tr6, r0\ne2840040\tadd\tr0, r4, #64 ; 0x40\n......\n\nwhen running in emulate_ldr to simulate the ldr instruction, panic\noccurred, and the log is as follows:\nUnable to handle kernel NULL pointer dereference at virtual address\n00000090\npgd = ecb46400\n[00000090] *pgd=2e0fa003, *pmd=00000000\nInternal error: Oops: 206 [#1] SMP ARM\nPC is at cap_capable+0x14/0xb0\nLR is at emulate_ldr+0x50/0xc0\npsr: 600d0293 sp : ecd63af8 ip : 00000004 fp : c0a7c30c\nr10: 00000000 r9 : c30897f4 r8 : ecd63cd4\nr7 : 0000000f r6 : 0000000a r5 : e59fa090 r4 : ecd63c98\nr3 : c06ae294 r2 : 00000000 r1 : b7611300 r0 : bf4ec008\nFlags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user\nControl: 32c5387d Table: 2d546400 DAC: 55555555\nProcess bash (pid: 1643, stack limit = 0xecd60190)\n(cap_capable) from (kprobe_handler+0x218/0x340)\n(kprobe_handler) from (kprobe_trap_handler+0x24/0x48)\n(kprobe_trap_handler) from (do_undefinstr+0x13c/0x364)\n(do_undefinstr) from (__und_svc_finish+0x0/0x30)\n(__und_svc_finish) from (cap_capable+0x18/0xb0)\n(cap_capable) from (cap_vm_enough_memory+0x38/0x48)\n(cap_vm_enough_memory) from\n(security_vm_enough_memory_mm+0x48/0x6c)\n(security_vm_enough_memory_mm) from\n(copy_process.constprop.5+0x16b4/0x25c8)\n(copy_process.constprop.5) from (_do_fork+0xe8/0x55c)\n(_do_fork) from (SyS_clone+0x1c/0x24)\n(SyS_clone) from (__sys_trace_return+0x0/0x10)\nCode: 0050a0e1 6c0080e2 0140a0e1 0260a0e1 (f801f0e7)",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":5.5,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2021-47618"
|
|
},
|
|
{
|
|
"cve":"CVE-2022-48733",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free after failure to create a snapshot\n\nAt ioctl.c:create_snapshot(), we allocate a pending snapshot structure and\nthen attach it to the transaction's list of pending snapshots. After that\nwe call btrfs_commit_transaction(), and if that returns an error we jump\nto 'fail' label, where we kfree() the pending snapshot structure. This can\nresult in a later use-after-free of the pending snapshot:\n\n1) We allocated the pending snapshot and added it to the transaction's\n list of pending snapshots;\n\n2) We call btrfs_commit_transaction(), and it fails either at the first\n call to btrfs_run_delayed_refs() or btrfs_start_dirty_block_groups().\n In both cases, we don't abort the transaction and we release our\n transaction handle. We jump to the 'fail' label and free the pending\n snapshot structure. We return with the pending snapshot still in the\n transaction's list;\n\n3) Another task commits the transaction. This time there's no error at\n all, and then during the transaction commit it accesses a pointer\n to the pending snapshot structure that the snapshot creation task\n has already freed, resulting in a user-after-free.\n\nThis issue could actually be detected by smatch, which produced the\nfollowing warning:\n\n fs/btrfs/ioctl.c:843 create_snapshot() warn: '&pending_snapshot->list' not removed from list\n\nSo fix this by not having the snapshot creation ioctl directly add the\npending snapshot to the transaction's list. Instead add the pending\nsnapshot to the transaction handle, and then at btrfs_commit_transaction()\nwe add the snapshot to the list only when we can guarantee that any error\nreturned after that point will result in a transaction abort, in which\ncase the ioctl code can safely free the pending snapshot and no one can\naccess it anymore.",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":6.7,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2022-48733"
|
|
},
|
|
{
|
|
"cve":"CVE-2022-48744",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Avoid field-overflowing memcpy()\n\nIn preparation for FORTIFY_SOURCE performing compile-time and run-time\nfield bounds checking for memcpy(), memmove(), and memset(), avoid\nintentionally writing across neighboring fields.\n\nUse flexible arrays instead of zero-element arrays (which look like they\nare always overflowing) and split the cross-field memcpy() into two halves\nthat can be appropriately bounds-checked by the compiler.\n\nWe were doing:\n\n\t#define ETH_HLEN 14\n\t#define VLAN_HLEN 4\n\t...\n\t#define MLX5E_XDP_MIN_INLINE (ETH_HLEN + VLAN_HLEN)\n\t...\n struct mlx5e_tx_wqe *wqe = mlx5_wq_cyc_get_wqe(wq, pi);\n\t...\n struct mlx5_wqe_eth_seg *eseg = &wqe->eth;\n struct mlx5_wqe_data_seg *dseg = wqe->data;\n\t...\n\tmemcpy(eseg->inline_hdr.start, xdptxd->data, MLX5E_XDP_MIN_INLINE);\n\ntarget is wqe->eth.inline_hdr.start (which the compiler sees as being\n2 bytes in size), but copying 18, intending to write across start\n(really vlan_tci, 2 bytes). The remaining 16 bytes get written into\nwqe->data[0], covering byte_count (4 bytes), lkey (4 bytes), and addr\n(8 bytes).\n\nstruct mlx5e_tx_wqe {\n struct mlx5_wqe_ctrl_seg ctrl; /* 0 16 */\n struct mlx5_wqe_eth_seg eth; /* 16 16 */\n struct mlx5_wqe_data_seg data[]; /* 32 0 */\n\n /* size: 32, cachelines: 1, members: 3 */\n /* last cacheline: 32 bytes */\n};\n\nstruct mlx5_wqe_eth_seg {\n u8 swp_outer_l4_offset; /* 0 1 */\n u8 swp_outer_l3_offset; /* 1 1 */\n u8 swp_inner_l4_offset; /* 2 1 */\n u8 swp_inner_l3_offset; /* 3 1 */\n u8 cs_flags; /* 4 1 */\n u8 swp_flags; /* 5 1 */\n __be16 mss; /* 6 2 */\n __be32 flow_table_metadata; /* 8 4 */\n union {\n struct {\n __be16 sz; /* 12 2 */\n u8 start[2]; /* 14 2 */\n } inline_hdr; /* 12 4 */\n struct {\n __be16 type; /* 12 2 */\n __be16 vlan_tci; /* 14 2 */\n } insert; /* 12 4 */\n __be32 trailer; /* 12 4 */\n }; /* 12 4 */\n\n /* size: 16, cachelines: 1, members: 9 */\n /* last cacheline: 16 bytes */\n};\n\nstruct mlx5_wqe_data_seg {\n __be32 byte_count; /* 0 4 */\n __be32 lkey; /* 4 4 */\n __be64 addr; /* 8 8 */\n\n /* size: 16, cachelines: 1, members: 3 */\n /* last cacheline: 16 bytes */\n};\n\nSo, split the memcpy() so the compiler can reason about the buffer\nsizes.\n\n\"pahole\" shows no size nor member offset changes to struct mlx5e_tx_wqe\nnor struct mlx5e_umr_wqe. \"objdump -d\" shows no meaningful object\ncode changes (i.e. only source line number induced differences and\noptimizations).",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":5.5,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2022-48744"
|
|
},
|
|
{
|
|
"cve":"CVE-2022-48765",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: LAPIC: Also cancel preemption timer during SET_LAPIC\n\nThe below warning is splatting during guest reboot.\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm]\n CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5\n RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm]\n Call Trace:\n <TASK>\n kvm_vcpu_ioctl+0x279/0x710 [kvm]\n __x64_sys_ioctl+0x83/0xb0\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7fd39797350b\n\nThis can be triggered by not exposing tsc-deadline mode and doing a reboot in\nthe guest. The lapic_shutdown() function which is called in sys_reboot path\nwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clears\nAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-mode\nswitch between tsc-deadline and oneshot/periodic, which can result in preemption\ntimer be cancelled in apic_update_lvtt(). However, We can't depend on this when\nnot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemption\ntimer. Qemu will synchronise states around reset, let's cancel preemption timer\nunder KVM_SET_LAPIC.",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":5.5,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2022-48765"
|
|
},
|
|
{
|
|
"cve":"CVE-2022-48772",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: lgdt3306a: Add a check against null-pointer-def\n\nThe driver should check whether the client provides the platform_data.\n\nThe following log reveals it:\n\n[ 29.610324] BUG: KASAN: null-ptr-deref in kmemdup+0x30/0x40\n[ 29.610730] Read of size 40 at addr 0000000000000000 by task bash/414\n[ 29.612820] Call Trace:\n[ 29.613030] <TASK>\n[ 29.613201] dump_stack_lvl+0x56/0x6f\n[ 29.613496] ? kmemdup+0x30/0x40\n[ 29.613754] print_report.cold+0x494/0x6b7\n[ 29.614082] ? kmemdup+0x30/0x40\n[ 29.614340] kasan_report+0x8a/0x190\n[ 29.614628] ? kmemdup+0x30/0x40\n[ 29.614888] kasan_check_range+0x14d/0x1d0\n[ 29.615213] memcpy+0x20/0x60\n[ 29.615454] kmemdup+0x30/0x40\n[ 29.615700] lgdt3306a_probe+0x52/0x310\n[ 29.616339] i2c_device_probe+0x951/0xa90",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":5.5,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2022-48772"
|
|
},
|
|
{
|
|
"cve":"CVE-2023-52833",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btusb: Add date->evt_skb is NULL check\n\nfix crash because of null pointers\n\n[ 6104.969662] BUG: kernel NULL pointer dereference, address: 00000000000000c8\n[ 6104.969667] #PF: supervisor read access in kernel mode\n[ 6104.969668] #PF: error_code(0x0000) - not-present page\n[ 6104.969670] PGD 0 P4D 0\n[ 6104.969673] Oops: 0000 [#1] SMP NOPTI\n[ 6104.969684] RIP: 0010:btusb_mtk_hci_wmt_sync+0x144/0x220 [btusb]\n[ 6104.969688] RSP: 0018:ffffb8d681533d48 EFLAGS: 00010246\n[ 6104.969689] RAX: 0000000000000000 RBX: ffff8ad560bb2000 RCX: 0000000000000006\n[ 6104.969691] RDX: 0000000000000000 RSI: ffffb8d681533d08 RDI: 0000000000000000\n[ 6104.969692] RBP: ffffb8d681533d70 R08: 0000000000000001 R09: 0000000000000001\n[ 6104.969694] R10: 0000000000000001 R11: 00000000fa83b2da R12: ffff8ad461d1d7c0\n[ 6104.969695] R13: 0000000000000000 R14: ffff8ad459618c18 R15: ffffb8d681533d90\n[ 6104.969697] FS: 00007f5a1cab9d40(0000) GS:ffff8ad578200000(0000) knlGS:00000\n[ 6104.969699] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 6104.969700] CR2: 00000000000000c8 CR3: 000000018620c001 CR4: 0000000000760ef0\n[ 6104.969701] PKRU: 55555554\n[ 6104.969702] Call Trace:\n[ 6104.969708] btusb_mtk_shutdown+0x44/0x80 [btusb]\n[ 6104.969732] hci_dev_do_close+0x470/0x5c0 [bluetooth]\n[ 6104.969748] hci_rfkill_set_block+0x56/0xa0 [bluetooth]\n[ 6104.969753] rfkill_set_block+0x92/0x160\n[ 6104.969755] rfkill_fop_write+0x136/0x1e0\n[ 6104.969759] __vfs_write+0x18/0x40\n[ 6104.969761] vfs_write+0xdf/0x1c0\n[ 6104.969763] ksys_write+0xb1/0xe0\n[ 6104.969765] __x64_sys_write+0x1a/0x20\n[ 6104.969769] do_syscall_64+0x51/0x180\n[ 6104.969771] entry_SYSCALL_64_after_hwframe+0x44/0xa9\n[ 6104.969773] RIP: 0033:0x7f5a21f18fef\n[ 6104.9] RSP: 002b:00007ffeefe39010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001\n[ 6104.969780] RAX: ffffffffffffffda RBX: 000055c10a7560a0 RCX: 00007f5a21f18fef\n[ 6104.969781] RDX: 0000000000000008 RSI: 00007ffeefe39060 RDI: 0000000000000012\n[ 6104.969782] RBP: 00007ffeefe39060 R08: 0000000000000000 R09: 0000000000000017\n[ 6104.969784] R10: 00007ffeefe38d97 R11: 0000000000000293 R12: 0000000000000002\n[ 6104.969785] R13: 00007ffeefe39220 R14: 00007ffeefe391a0 R15: 000055c10a72acf0",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":5.5,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2023-52833"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-31076",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline\n\nThe absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness of\ninterrupt affinity reconfiguration via procfs. Instead, the change is\ndeferred until the next instance of the interrupt being triggered on the\noriginal CPU.\n\nWhen the interrupt next triggers on the original CPU, the new affinity is\nenforced within __irq_move_irq(). A vector is allocated from the new CPU,\nbut the old vector on the original CPU remains and is not immediately\nreclaimed. Instead, apicd->move_in_progress is flagged, and the reclaiming\nprocess is delayed until the next trigger of the interrupt on the new CPU.\n\nUpon the subsequent triggering of the interrupt on the new CPU,\nirq_complete_move() adds a task to the old CPU's vector_cleanup list if it\nremains online. Subsequently, the timer on the old CPU iterates over its\nvector_cleanup list, reclaiming old vectors.\n\nHowever, a rare scenario arises if the old CPU is outgoing before the\ninterrupt triggers again on the new CPU.\n\nIn that case irq_force_complete_move() is not invoked on the outgoing CPU\nto reclaim the old apicd->prev_vector because the interrupt isn't currently\naffine to the outgoing CPU, and irq_needs_fixup() returns false. Even\nthough __vector_schedule_cleanup() is later called on the new CPU, it\ndoesn't reclaim apicd->prev_vector; instead, it simply resets both\napicd->move_in_progress and apicd->prev_vector to 0.\n\nAs a result, the vector remains unreclaimed in vector_matrix, leading to a\nCPU vector leak.\n\nTo address this issue, move the invocation of irq_force_complete_move()\nbefore the irq_needs_fixup() call to reclaim apicd->prev_vector, if the\ninterrupt is currently or used to be affine to the outgoing CPU.\n\nAdditionally, reclaim the vector in __vector_schedule_cleanup() as well,\nfollowing a warning message, although theoretically it should never see\napicd->move_in_progress with apicd->prev_cpu pointing to an offline CPU.",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":5.5,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-31076"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-35879",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nof: dynamic: Synchronize of_changeset_destroy() with the devlink removals\n\nIn the following sequence:\n 1) of_platform_depopulate()\n 2) of_overlay_remove()\n\nDuring the step 1, devices are destroyed and devlinks are removed.\nDuring the step 2, OF nodes are destroyed but\n__of_changeset_entry_destroy() can raise warnings related to missing\nof_node_put():\n ERROR: memory leak, expected refcount 1 instead of 2 ...\n\nIndeed, during the devlink removals performed at step 1, the removal\nitself releasing the device (and the attached of_node) is done by a job\nqueued in a workqueue and so, it is done asynchronously with respect to\nfunction calls.\nWhen the warning is present, of_node_put() will be called but wrongly\ntoo late from the workqueue job.\n\nIn order to be sure that any ongoing devlink removals are done before\nthe of_node destruction, synchronize the of_changeset_destroy() with the\ndevlink removals.",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":5.5,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-35879"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-35893",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_skbmod: prevent kernel-infoleak\n\nsyzbot found that tcf_skbmod_dump() was copying four bytes\nfrom kernel stack to user space [1].\n\nThe issue here is that 'struct tc_skbmod' has a four bytes hole.\n\nWe need to clear the structure before filling fields.\n\n[1]\nBUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline]\n BUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline]\n BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\n BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline]\n BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n copy_to_user_iter lib/iov_iter.c:24 [inline]\n iterate_ubuf include/linux/iov_iter.h:29 [inline]\n iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\n iterate_and_advance include/linux/iov_iter.h:271 [inline]\n _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185\n copy_to_iter include/linux/uio.h:196 [inline]\n simple_copy_to_iter net/core/datagram.c:532 [inline]\n __skb_datagram_iter+0x185/0x1000 net/core/datagram.c:420\n skb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:546\n skb_copy_datagram_msg include/linux/skbuff.h:4050 [inline]\n netlink_recvmsg+0x432/0x1610 net/netlink/af_netlink.c:1962\n sock_recvmsg_nosec net/socket.c:1046 [inline]\n sock_recvmsg+0x2c4/0x340 net/socket.c:1068\n __sys_recvfrom+0x35a/0x5f0 net/socket.c:2242\n __do_sys_recvfrom net/socket.c:2260 [inline]\n __se_sys_recvfrom net/socket.c:2256 [inline]\n __x64_sys_recvfrom+0x126/0x1d0 net/socket.c:2256\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was stored to memory at:\n pskb_expand_head+0x30f/0x19d0 net/core/skbuff.c:2253\n netlink_trim+0x2c2/0x330 net/netlink/af_netlink.c:1317\n netlink_unicast+0x9f/0x1260 net/netlink/af_netlink.c:1351\n nlmsg_unicast include/net/netlink.h:1144 [inline]\n nlmsg_notify+0x21d/0x2f0 net/netlink/af_netlink.c:2610\n rtnetlink_send+0x73/0x90 net/core/rtnetlink.c:741\n rtnetlink_maybe_send include/linux/rtnetlink.h:17 [inline]\n tcf_add_notify net/sched/act_api.c:2048 [inline]\n tcf_action_add net/sched/act_api.c:2071 [inline]\n tc_ctl_action+0x146e/0x19d0 net/sched/act_api.c:2119\n rtnetlink_rcv_msg+0x1737/0x1900 net/core/rtnetlink.c:6595\n netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2559\n rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6613\n netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]\n netlink_unicast+0xf4c/0x1260 net/netlink/af_netlink.c:1361\n netlink_sendmsg+0x10df/0x11f0 net/netlink/af_netlink.c:1905\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:745\n ____sys_sendmsg+0x877/0xb60 net/socket.c:2584\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n __sys_sendmsg net/socket.c:2667 [inline]\n __do_sys_sendmsg net/socket.c:2676 [inline]\n __se_sys_sendmsg net/socket.c:2674 [inline]\n __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2674\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was stored to memory at:\n __nla_put lib/nlattr.c:1041 [inline]\n nla_put+0x1c6/0x230 lib/nlattr.c:1099\n tcf_skbmod_dump+0x23f/0xc20 net/sched/act_skbmod.c:256\n tcf_action_dump_old net/sched/act_api.c:1191 [inline]\n tcf_action_dump_1+0x85e/0x970 net/sched/act_api.c:1227\n tcf_action_dump+0x1fd/0x460 net/sched/act_api.c:1251\n tca_get_fill+0x519/0x7a0 net/sched/act_api.c:1628\n tcf_add_notify_msg net/sched/act_api.c:2023 [inline]\n tcf_add_notify net/sched/act_api.c:2042 [inline]\n tcf_action_add net/sched/act_api.c:2071 [inline]\n tc_ctl_action+0x1365/0x19d0 net/sched/act_api.c:2119\n rtnetlink_rcv_msg+0x1737/0x1900 net/core/rtnetlink.c:6595\n netlink_rcv_skb+0x375/0x650 net/netlink/af_netli\n---truncated---",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":5.5,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-35893"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-35969",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr\n\nAlthough ipv6_get_ifaddr walks inet6_addr_lst under the RCU lock, it\nstill means hlist_for_each_entry_rcu can return an item that got removed\nfrom the list. The memory itself of such item is not freed thanks to RCU\nbut nothing guarantees the actual content of the memory is sane.\n\nIn particular, the reference count can be zero. This can happen if\nipv6_del_addr is called in parallel. ipv6_del_addr removes the entry\nfrom inet6_addr_lst (hlist_del_init_rcu(&ifp->addr_lst)) and drops all\nreferences (__in6_ifa_put(ifp) + in6_ifa_put(ifp)). With bad enough\ntiming, this can happen:\n\n1. In ipv6_get_ifaddr, hlist_for_each_entry_rcu returns an entry.\n\n2. Then, the whole ipv6_del_addr is executed for the given entry. The\n reference count drops to zero and kfree_rcu is scheduled.\n\n3. ipv6_get_ifaddr continues and tries to increments the reference count\n (in6_ifa_hold).\n\n4. The rcu is unlocked and the entry is freed.\n\n5. The freed entry is returned.\n\nPrevent increasing of the reference count in such case. The name\nin6_ifa_hold_safe is chosen to mimic the existing fib6_info_hold_safe.\n\n[ 41.506330] refcount_t: addition on 0; use-after-free.\n[ 41.506760] WARNING: CPU: 0 PID: 595 at lib/refcount.c:25 refcount_warn_saturate+0xa5/0x130\n[ 41.507413] Modules linked in: veth bridge stp llc\n[ 41.507821] CPU: 0 PID: 595 Comm: python3 Not tainted 6.9.0-rc2.main-00208-g49563be82afa #14\n[ 41.508479] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n[ 41.509163] RIP: 0010:refcount_warn_saturate+0xa5/0x130\n[ 41.509586] Code: ad ff 90 0f 0b 90 90 c3 cc cc cc cc 80 3d c0 30 ad 01 00 75 a0 c6 05 b7 30 ad 01 01 90 48 c7 c7 38 cc 7a 8c e8 cc 18 ad ff 90 <0f> 0b 90 90 c3 cc cc cc cc 80 3d 98 30 ad 01 00 0f 85 75 ff ff ff\n[ 41.510956] RSP: 0018:ffffbda3c026baf0 EFLAGS: 00010282\n[ 41.511368] RAX: 0000000000000000 RBX: ffff9e9c46914800 RCX: 0000000000000000\n[ 41.511910] RDX: ffff9e9c7ec29c00 RSI: ffff9e9c7ec1c900 RDI: ffff9e9c7ec1c900\n[ 41.512445] RBP: ffff9e9c43660c9c R08: 0000000000009ffb R09: 00000000ffffdfff\n[ 41.512998] R10: 00000000ffffdfff R11: ffffffff8ca58a40 R12: ffff9e9c4339a000\n[ 41.513534] R13: 0000000000000001 R14: ffff9e9c438a0000 R15: ffffbda3c026bb48\n[ 41.514086] FS: 00007fbc4cda1740(0000) GS:ffff9e9c7ec00000(0000) knlGS:0000000000000000\n[ 41.514726] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 41.515176] CR2: 000056233b337d88 CR3: 000000000376e006 CR4: 0000000000370ef0\n[ 41.515713] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 41.516252] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 41.516799] Call Trace:\n[ 41.517037] <TASK>\n[ 41.517249] ? __warn+0x7b/0x120\n[ 41.517535] ? refcount_warn_saturate+0xa5/0x130\n[ 41.517923] ? report_bug+0x164/0x190\n[ 41.518240] ? handle_bug+0x3d/0x70\n[ 41.518541] ? exc_invalid_op+0x17/0x70\n[ 41.520972] ? asm_exc_invalid_op+0x1a/0x20\n[ 41.521325] ? refcount_warn_saturate+0xa5/0x130\n[ 41.521708] ipv6_get_ifaddr+0xda/0xe0\n[ 41.522035] inet6_rtm_getaddr+0x342/0x3f0\n[ 41.522376] ? __pfx_inet6_rtm_getaddr+0x10/0x10\n[ 41.522758] rtnetlink_rcv_msg+0x334/0x3d0\n[ 41.523102] ? netlink_unicast+0x30f/0x390\n[ 41.523445] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n[ 41.523832] netlink_rcv_skb+0x53/0x100\n[ 41.524157] netlink_unicast+0x23b/0x390\n[ 41.524484] netlink_sendmsg+0x1f2/0x440\n[ 41.524826] __sys_sendto+0x1d8/0x1f0\n[ 41.525145] __x64_sys_sendto+0x1f/0x30\n[ 41.525467] do_syscall_64+0xa5/0x1b0\n[ 41.525794] entry_SYSCALL_64_after_hwframe+0x72/0x7a\n[ 41.526213] RIP: 0033:0x7fbc4cfcea9a\n[ 41.526528] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89\n[ 41.527942] RSP: 002b:00007f\n---truncated---",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":5.5,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-35969"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-35988",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Fix TASK_SIZE on 64-bit NOMMU\n\nOn NOMMU, userspace memory can come from anywhere in physical RAM. The\ncurrent definition of TASK_SIZE is wrong if any RAM exists above 4G,\ncausing spurious failures in the userspace access routines.",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":5.5,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-35988"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-36014",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/arm/malidp: fix a possible null pointer dereference\n\nIn malidp_mw_connector_reset, new memory is allocated with kzalloc, but\nno check is performed. In order to prevent null pointer dereferencing,\nensure that mw_state is checked before calling\n__drm_atomic_helper_connector_reset.",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":5.5,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-36014"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-36489",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix missing memory barrier in tls_init\n\nIn tls_init(), a write memory barrier is missing, and store-store\nreordering may cause NULL dereference in tls_{setsockopt,getsockopt}.\n\nCPU0 CPU1\n----- -----\n// In tls_init()\n// In tls_ctx_create()\nctx = kzalloc()\nctx->sk_proto = READ_ONCE(sk->sk_prot) -(1)\n\n// In update_sk_prot()\nWRITE_ONCE(sk->sk_prot, tls_prots) -(2)\n\n // In sock_common_setsockopt()\n READ_ONCE(sk->sk_prot)->setsockopt()\n\n // In tls_{setsockopt,getsockopt}()\n ctx->sk_proto->setsockopt() -(3)\n\nIn the above scenario, when (1) and (2) are reordered, (3) can observe\nthe NULL value of ctx->sk_proto, causing NULL dereference.\n\nTo fix it, we rely on rcu_assign_pointer() which implies the release\nbarrier semantic. By moving rcu_assign_pointer() after ctx->sk_proto is\ninitialized, we can ensure that ctx->sk_proto are visible when\nchanging sk->sk_prot.",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":4.7,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-36489"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-37353",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio: delete vq in vp_find_vqs_msix() when request_irq() fails\n\nWhen request_irq() fails, error path calls vp_del_vqs(). There, as vq is\npresent in the list, free_irq() is called for the same vector. That\ncauses following splat:\n\n[ 0.414355] Trying to free already-free IRQ 27\n[ 0.414403] WARNING: CPU: 1 PID: 1 at kernel/irq/manage.c:1899 free_irq+0x1a1/0x2d0\n[ 0.414510] Modules linked in:\n[ 0.414540] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.9.0-rc4+ #27\n[ 0.414540] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014\n[ 0.414540] RIP: 0010:free_irq+0x1a1/0x2d0\n[ 0.414540] Code: 1e 00 48 83 c4 08 48 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 90 8b 74 24 04 48 c7 c7 98 80 6c b1 e8 00 c9 f7 ff 90 <0f> 0b 90 90 48 89 ee 4c 89 ef e8 e0 20 b8 00 49 8b 47 40 48 8b 40\n[ 0.414540] RSP: 0000:ffffb71480013ae0 EFLAGS: 00010086\n[ 0.414540] RAX: 0000000000000000 RBX: ffffa099c2722000 RCX: 0000000000000000\n[ 0.414540] RDX: 0000000000000000 RSI: ffffb71480013998 RDI: 0000000000000001\n[ 0.414540] RBP: 0000000000000246 R08: 00000000ffffdfff R09: 0000000000000001\n[ 0.414540] R10: 00000000ffffdfff R11: ffffffffb18729c0 R12: ffffa099c1c91760\n[ 0.414540] R13: ffffa099c1c916a4 R14: ffffa099c1d2f200 R15: ffffa099c1c91600\n[ 0.414540] FS: 0000000000000000(0000) GS:ffffa099fec40000(0000) knlGS:0000000000000000\n[ 0.414540] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 0.414540] CR2: 0000000000000000 CR3: 0000000008e3e001 CR4: 0000000000370ef0\n[ 0.414540] Call Trace:\n[ 0.414540] <TASK>\n[ 0.414540] ? __warn+0x80/0x120\n[ 0.414540] ? free_irq+0x1a1/0x2d0\n[ 0.414540] ? report_bug+0x164/0x190\n[ 0.414540] ? handle_bug+0x3b/0x70\n[ 0.414540] ? exc_invalid_op+0x17/0x70\n[ 0.414540] ? asm_exc_invalid_op+0x1a/0x20\n[ 0.414540] ? free_irq+0x1a1/0x2d0\n[ 0.414540] vp_del_vqs+0xc1/0x220\n[ 0.414540] vp_find_vqs_msix+0x305/0x470\n[ 0.414540] vp_find_vqs+0x3e/0x1a0\n[ 0.414540] vp_modern_find_vqs+0x1b/0x70\n[ 0.414540] init_vqs+0x387/0x600\n[ 0.414540] virtnet_probe+0x50a/0xc80\n[ 0.414540] virtio_dev_probe+0x1e0/0x2b0\n[ 0.414540] really_probe+0xc0/0x2c0\n[ 0.414540] ? __pfx___driver_attach+0x10/0x10\n[ 0.414540] __driver_probe_device+0x73/0x120\n[ 0.414540] driver_probe_device+0x1f/0xe0\n[ 0.414540] __driver_attach+0x88/0x180\n[ 0.414540] bus_for_each_dev+0x85/0xd0\n[ 0.414540] bus_add_driver+0xec/0x1f0\n[ 0.414540] driver_register+0x59/0x100\n[ 0.414540] ? __pfx_virtio_net_driver_init+0x10/0x10\n[ 0.414540] virtio_net_driver_init+0x90/0xb0\n[ 0.414540] do_one_initcall+0x58/0x230\n[ 0.414540] kernel_init_freeable+0x1a3/0x2d0\n[ 0.414540] ? __pfx_kernel_init+0x10/0x10\n[ 0.414540] kernel_init+0x1a/0x1c0\n[ 0.414540] ret_from_fork+0x31/0x50\n[ 0.414540] ? __pfx_kernel_init+0x10/0x10\n[ 0.414540] ret_from_fork_asm+0x1a/0x30\n[ 0.414540] </TASK>\n\nFix this by calling deleting the current vq when request_irq() fails.",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"LOW",
|
|
"baseScore":3.9,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Low",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-37353"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-37354",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix crash on racing fsync and size-extending write into prealloc\n\nWe have been seeing crashes on duplicate keys in\nbtrfs_set_item_key_safe():\n\n BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192)\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/ctree.c:2620!\n invalid opcode: 0000 [#1] PREEMPT SMP PTI\n CPU: 0 PID: 3139 Comm: xfs_io Kdump: loaded Not tainted 6.9.0 #6\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\n RIP: 0010:btrfs_set_item_key_safe+0x11f/0x290 [btrfs]\n\nWith the following stack trace:\n\n #0 btrfs_set_item_key_safe (fs/btrfs/ctree.c:2620:4)\n #1 btrfs_drop_extents (fs/btrfs/file.c:411:4)\n #2 log_one_extent (fs/btrfs/tree-log.c:4732:9)\n #3 btrfs_log_changed_extents (fs/btrfs/tree-log.c:4955:9)\n #4 btrfs_log_inode (fs/btrfs/tree-log.c:6626:9)\n #5 btrfs_log_inode_parent (fs/btrfs/tree-log.c:7070:8)\n #6 btrfs_log_dentry_safe (fs/btrfs/tree-log.c:7171:8)\n #7 btrfs_sync_file (fs/btrfs/file.c:1933:8)\n #8 vfs_fsync_range (fs/sync.c:188:9)\n #9 vfs_fsync (fs/sync.c:202:9)\n #10 do_fsync (fs/sync.c:212:9)\n #11 __do_sys_fdatasync (fs/sync.c:225:9)\n #12 __se_sys_fdatasync (fs/sync.c:223:1)\n #13 __x64_sys_fdatasync (fs/sync.c:223:1)\n #14 do_syscall_x64 (arch/x86/entry/common.c:52:14)\n #15 do_syscall_64 (arch/x86/entry/common.c:83:7)\n #16 entry_SYSCALL_64+0xaf/0x14c (arch/x86/entry/entry_64.S:121)\n\nSo we're logging a changed extent from fsync, which is splitting an\nextent in the log tree. But this split part already exists in the tree,\ntriggering the BUG().\n\nThis is the state of the log tree at the time of the crash, dumped with\ndrgn (https://github.com/osandov/drgn/blob/main/contrib/btrfs_tree.py)\nto get more details than btrfs_print_leaf() gives us:\n\n >>> print_extent_buffer(prog.crashed_thread().stack_trace()[0][\"eb\"])\n leaf 33439744 level 0 items 72 generation 9 owner 18446744073709551610\n leaf 33439744 flags 0x100000000000000\n fs uuid e5bd3946-400c-4223-8923-190ef1f18677\n chunk uuid d58cb17e-6d02-494a-829a-18b7d8a399da\n item 0 key (450 INODE_ITEM 0) itemoff 16123 itemsize 160\n generation 7 transid 9 size 8192 nbytes 8473563889606862198\n block group 0 mode 100600 links 1 uid 0 gid 0 rdev 0\n sequence 204 flags 0x10(PREALLOC)\n atime 1716417703.220000000 (2024-05-22 15:41:43)\n ctime 1716417704.983333333 (2024-05-22 15:41:44)\n mtime 1716417704.983333333 (2024-05-22 15:41:44)\n otime 17592186044416.000000000 (559444-03-08 01:40:16)\n item 1 key (450 INODE_REF 256) itemoff 16110 itemsize 13\n index 195 namelen 3 name: 193\n item 2 key (450 XATTR_ITEM 1640047104) itemoff 16073 itemsize 37\n location key (0 UNKNOWN.0 0) type XATTR\n transid 7 data_len 1 name_len 6\n name: user.a\n data a\n item 3 key (450 EXTENT_DATA 0) itemoff 16020 itemsize 53\n generation 9 type 1 (regular)\n extent data disk byte 303144960 nr 12288\n extent data offset 0 nr 4096 ram 12288\n extent compression 0 (none)\n item 4 key (450 EXTENT_DATA 4096) itemoff 15967 itemsize 53\n generation 9 type 2 (prealloc)\n prealloc data disk byte 303144960 nr 12288\n prealloc data offset 4096 nr 8192\n item 5 key (450 EXTENT_DATA 8192) itemoff 15914 itemsize 53\n generation 9 type 2 (prealloc)\n prealloc data disk byte 303144960 nr 12288\n prealloc data offset 8192 nr 4096\n ...\n\nSo the real problem happened earlier: notice that items 4 (4k-12k) and 5\n(8k-12k) overlap. Both are prealloc extents. Item 4 straddles i_size and\nitem 5 starts at i_size.\n\nHere is the state of \n---truncated---",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":6.1,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-37354"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-38381",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: Fix uninit-value in nci_rx_work\n\nsyzbot reported the following uninit-value access issue [1]\n\nnci_rx_work() parses received packet from ndev->rx_q. It should be\nvalidated header size, payload size and total packet size before\nprocessing the packet. If an invalid packet is detected, it should be\nsilently discarded.",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":5.3,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-38381"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-38547",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries\n\nThe allocation failure of mycs->yuv_scaler_binary in load_video_binaries()\nis followed with a dereference of mycs->yuv_scaler_binary after the\nfollowing call chain:\n\nsh_css_pipe_load_binaries()\n |-> load_video_binaries(mycs->yuv_scaler_binary == NULL)\n |\n |-> sh_css_pipe_unload_binaries()\n |-> unload_video_binaries()\n\nIn unload_video_binaries(), it calls to ia_css_binary_unload with argument\n&pipe->pipe_settings.video.yuv_scaler_binary[i], which refers to the\nsame memory slot as mycs->yuv_scaler_binary. Thus, a null-pointer\ndereference is triggered.",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":4.4,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-38547"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-38552",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix potential index out of bounds in color transformation function\n\nFixes index out of bounds issue in the color transformation function.\nThe issue could occur when the index 'i' exceeds the number of transfer\nfunction points (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure 'i' is within bounds before accessing the\ntransfer function points. If 'i' is out of bounds, an error message is\nlogged and the function returns false to indicate an error.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:405 cm_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:406 cm_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:407 cm_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":6.1,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-38552"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-38554",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix reference count leak issue of net_device\n\nThere is a reference count leak issue of the object \"net_device\" in\nax25_dev_device_down(). When the ax25 device is shutting down, the\nax25_dev_device_down() drops the reference count of net_device one\nor zero times depending on if we goto unlock_put or not, which will\ncause memory leak.\n\nIn order to solve the above issue, decrease the reference count of\nnet_device after dev->ax25_ptr is set to null.",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":4.1,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-38554"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-38577",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nrcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow\n\nThere is a possibility of buffer overflow in\nshow_rcu_tasks_trace_gp_kthread() if counters, passed\nto sprintf() are huge. Counter numbers, needed for this\nare unrealistically high, but buffer overflow is still\npossible.\n\nUse snprintf() with buffer size instead of sprintf().\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":6.4,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-38577"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-38579",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: bcm - Fix pointer arithmetic\n\nIn spu2_dump_omd() value of ptr is increased by ciph_key_len\ninstead of hash_iv_len which could lead to going beyond the\nbuffer boundaries.\nFix this bug by changing ciph_key_len to hash_iv_len.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":6.1,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-38579"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-38582",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential hang in nilfs_detach_log_writer()\n\nSyzbot has reported a potential hang in nilfs_detach_log_writer() called\nduring nilfs2 unmount.\n\nAnalysis revealed that this is because nilfs_segctor_sync(), which\nsynchronizes with the log writer thread, can be called after\nnilfs_segctor_destroy() terminates that thread, as shown in the call trace\nbelow:\n\nnilfs_detach_log_writer\n nilfs_segctor_destroy\n nilfs_segctor_kill_thread --> Shut down log writer thread\n flush_work\n nilfs_iput_work_func\n nilfs_dispose_list\n iput\n nilfs_evict_inode\n nilfs_transaction_commit\n nilfs_construct_segment (if inode needs sync)\n nilfs_segctor_sync --> Attempt to synchronize with\n log writer thread\n *** DEADLOCK ***\n\nFix this issue by changing nilfs_segctor_sync() so that the log writer\nthread returns normally without synchronizing after it terminates, and by\nforcing tasks that are already waiting to complete once after the thread\nterminates.\n\nThe skipped inode metadata flushout will then be processed together in the\nsubsequent cleanup work in nilfs_segctor_destroy().",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"NONE",
|
|
"baseScore":0.0,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"None",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-38582"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-38583",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix use-after-free of timer for log writer thread\n\nPatch series \"nilfs2: fix log writer related issues\".\n\nThis bug fix series covers three nilfs2 log writer-related issues,\nincluding a timer use-after-free issue and potential deadlock issue on\nunmount, and a potential freeze issue in event synchronization found\nduring their analysis. Details are described in each commit log.\n\n\nThis patch (of 3):\n\nA use-after-free issue has been reported regarding the timer sc_timer on\nthe nilfs_sc_info structure.\n\nThe problem is that even though it is used to wake up a sleeping log\nwriter thread, sc_timer is not shut down until the nilfs_sc_info structure\nis about to be freed, and is used regardless of the thread's lifetime.\n\nFix this issue by limiting the use of sc_timer only while the log writer\nthread is alive.",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"HIGH",
|
|
"baseScore":7.0,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"High",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-38583"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-38590",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Modify the print level of CQE error\n\nToo much print may lead to a panic in kernel. Change ibdev_err() to\nibdev_err_ratelimited(), and change the printing level of cqe dump\nto debug level.",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":4.7,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-38590"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-38598",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix resync softlockup when bitmap size is less than array size\n\nIs is reported that for dm-raid10, lvextend + lvchange --syncaction will\ntrigger following softlockup:\n\nkernel:watchdog: BUG: soft lockup - CPU#3 stuck for 26s! [mdX_resync:6976]\nCPU: 7 PID: 3588 Comm: mdX_resync Kdump: loaded Not tainted 6.9.0-rc4-next-20240419 #1\nRIP: 0010:_raw_spin_unlock_irq+0x13/0x30\nCall Trace:\n <TASK>\n md_bitmap_start_sync+0x6b/0xf0\n raid10_sync_request+0x25c/0x1b40 [raid10]\n md_do_sync+0x64b/0x1020\n md_thread+0xa7/0x170\n kthread+0xcf/0x100\n ret_from_fork+0x30/0x50\n ret_from_fork_asm+0x1a/0x30\n\nAnd the detailed process is as follows:\n\nmd_do_sync\n j = mddev->resync_min\n while (j < max_sectors)\n sectors = raid10_sync_request(mddev, j, &skipped)\n if (!md_bitmap_start_sync(..., &sync_blocks))\n // md_bitmap_start_sync set sync_blocks to 0\n return sync_blocks + sectors_skippe;\n // sectors = 0;\n j += sectors;\n // j never change\n\nRoot cause is that commit 301867b1c168 (\"md/raid10: check\nslab-out-of-bounds in md_bitmap_get_counter\") return early from\nmd_bitmap_get_counter(), without setting returned blocks.\n\nFix this problem by always set returned blocks from\nmd_bitmap_get_counter\"(), as it used to be.\n\nNoted that this patch just fix the softlockup problem in kernel, the\ncase that bitmap size doesn't match array size still need to be fixed.",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":4.4,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-38598"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-38602",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix reference count leak issues of ax25_dev\n\nThe ax25_addr_ax25dev() and ax25_dev_device_down() exist a reference\ncount leak issue of the object \"ax25_dev\".\n\nMemory leak issue in ax25_addr_ax25dev():\n\nThe reference count of the object \"ax25_dev\" can be increased multiple\ntimes in ax25_addr_ax25dev(). This will cause a memory leak.\n\nMemory leak issues in ax25_dev_device_down():\n\nThe reference count of ax25_dev is set to 1 in ax25_dev_device_up() and\nthen increase the reference count when ax25_dev is added to ax25_dev_list.\nAs a result, the reference count of ax25_dev is 2. But when the device is\nshutting down. The ax25_dev_device_down() drops the reference count once\nor twice depending on if we goto unlock_put or not, which will cause\nmemory leak.\n\nAs for the issue of ax25_addr_ax25dev(), it is impossible for one pointer\nto be on a list twice. So add a break in ax25_addr_ax25dev(). As for the\nissue of ax25_dev_device_down(), increase the reference count of ax25_dev\nonce in ax25_dev_device_up() and decrease the reference count of ax25_dev\nafter it is removed from the ax25_dev_list.",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":5.5,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-38602"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-38603",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/perf: hisi: hns3: Actually use devm_add_action_or_reset()\n\npci_alloc_irq_vectors() allocates an irq vector. When devm_add_action()\nfails, the irq vector is not freed, which leads to a memory leak.\n\nReplace the devm_add_action with devm_add_action_or_reset to ensure\nthe irq vector can be destroyed when it fails.",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":5.5,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-38603"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-38615",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: exit() callback is optional\n\nThe exit() callback is optional and shouldn't be called without checking\na valid pointer first.\n\nAlso, we must clear freq_table pointer even if the exit() callback isn't\npresent.",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":5.5,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-38615"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-38621",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: stk1160: fix bounds checking in stk1160_copy_video()\n\nThe subtract in this condition is reversed. The ->length is the length\nof the buffer. The ->bytesused is how many bytes we have copied thus\nfar. When the condition is reversed that means the result of the\nsubtraction is always negative but since it's unsigned then the result\nis a very high positive value. That means the overflow check is never\ntrue.\n\nAdditionally, the ->bytesused doesn't actually work for this purpose\nbecause we're not writing to \"buf->mem + buf->bytesused\". Instead, the\nmath to calculate the destination where we are writing is a bit\ninvolved. You calculate the number of full lines already written,\nmultiply by two, skip a line if necessary so that we start on an odd\nnumbered line, and add the offset into the line.\n\nTo fix this buffer overflow, just take the actual destination where we\nare writing, if the offset is already out of bounds print an error and\nreturn. Otherwise, write up to buf->length bytes.",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":5.5,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-38621"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-38623",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Use variable length array instead of fixed size\n\nShould fix smatch warning:\n\tntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256)",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"CRITICAL",
|
|
"baseScore":9.8,
|
|
"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Critical",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-38623"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-38625",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Check 'folio' pointer for NULL\n\nIt can be NULL if bmap is called.",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":5.5,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-38625"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-38633",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nserial: max3100: Update uart_driver_registered on driver removal\n\nThe removal of the last MAX3100 device triggers the removal of\nthe driver. However, code doesn't update the respective global\nvariable and after insmod — rmmod — insmod cycle the kernel\noopses:\n\n max3100 spi-PRP0001:01: max3100_probe: adding port 0\n BUG: kernel NULL pointer dereference, address: 0000000000000408\n ...\n RIP: 0010:serial_core_register_port+0xa0/0x840\n ...\n max3100_probe+0x1b6/0x280 [max3100]\n spi_probe+0x8d/0xb0\n\nUpdate the actual state so next time UART driver will be registered\nagain.\n\nHugo also noticed, that the error path in the probe also affected\nby having the variable set, and not cleared. Instead of clearing it\nmove the assignment after the successfull uart_register_driver() call.",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":5.5,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-38633"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-38634",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nserial: max3100: Lock port->lock when calling uart_handle_cts_change()\n\nuart_handle_cts_change() has to be called with port lock taken,\nSince we run it in a separate work, the lock may not be taken at\nthe time of running. Make sure that it's taken by explicitly doing\nthat. Without it we got a splat:\n\n WARNING: CPU: 0 PID: 10 at drivers/tty/serial/serial_core.c:3491 uart_handle_cts_change+0xa6/0xb0\n ...\n Workqueue: max3100-0 max3100_work [max3100]\n RIP: 0010:uart_handle_cts_change+0xa6/0xb0\n ...\n max3100_handlerx+0xc5/0x110 [max3100]\n max3100_work+0x12a/0x340 [max3100]",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":5.5,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-38634"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-38637",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ngreybus: lights: check return of get_channel_from_mode\n\nIf channel for the given node is not found we return null from\nget_channel_from_mode. Make sure we validate the return pointer\nbefore using it in two of the missing places.\n\nThis was originally reported in [0]:\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[0] https://lore.kernel.org/all/20240301190425.120605-1-m.lobanov@rosalinux.ru",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"LOW",
|
|
"baseScore":3.9,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Low",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-38637"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-38780",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:dma-buf/sw-sync: don t enable IRQ from sync_print_obj()Since commit a6aa8fca4d79 ( dma-buf/sw-sync: Reduce irqsave/irqrestore fromknown context ) by error replaced spin_unlock_irqrestore() withspin_unlock_irq() for both sync_debugfs_show() and sync_print_obj() despitesync_print_obj() is called from sync_debugfs_show(), lockdep complainsinconsistent lock state warning.Use plain spin_{lock,unlock}() for sync_print_obj(), forsync_debugfs_show() is already using spin_{lock,unlock}_irq().",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":5.5,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-38780"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-39301",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/9p: fix uninit-value in p9_client_rpc()\n\nSyzbot with the help of KMSAN reported the following error:\n\nBUG: KMSAN: uninit-value in trace_9p_client_res include/trace/events/9p.h:146 [inline]\nBUG: KMSAN: uninit-value in p9_client_rpc+0x1314/0x1340 net/9p/client.c:754\n trace_9p_client_res include/trace/events/9p.h:146 [inline]\n p9_client_rpc+0x1314/0x1340 net/9p/client.c:754\n p9_client_create+0x1551/0x1ff0 net/9p/client.c:1031\n v9fs_session_init+0x1b9/0x28e0 fs/9p/v9fs.c:410\n v9fs_mount+0xe2/0x12b0 fs/9p/vfs_super.c:122\n legacy_get_tree+0x114/0x290 fs/fs_context.c:662\n vfs_get_tree+0xa7/0x570 fs/super.c:1797\n do_new_mount+0x71f/0x15e0 fs/namespace.c:3352\n path_mount+0x742/0x1f20 fs/namespace.c:3679\n do_mount fs/namespace.c:3692 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x725/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x150 fs/namespace.c:3875\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was created at:\n __alloc_pages+0x9d6/0xe70 mm/page_alloc.c:4598\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n alloc_slab_page mm/slub.c:2175 [inline]\n allocate_slab mm/slub.c:2338 [inline]\n new_slab+0x2de/0x1400 mm/slub.c:2391\n ___slab_alloc+0x1184/0x33d0 mm/slub.c:3525\n __slab_alloc mm/slub.c:3610 [inline]\n __slab_alloc_node mm/slub.c:3663 [inline]\n slab_alloc_node mm/slub.c:3835 [inline]\n kmem_cache_alloc+0x6d3/0xbe0 mm/slub.c:3852\n p9_tag_alloc net/9p/client.c:278 [inline]\n p9_client_prepare_req+0x20a/0x1770 net/9p/client.c:641\n p9_client_rpc+0x27e/0x1340 net/9p/client.c:688\n p9_client_create+0x1551/0x1ff0 net/9p/client.c:1031\n v9fs_session_init+0x1b9/0x28e0 fs/9p/v9fs.c:410\n v9fs_mount+0xe2/0x12b0 fs/9p/vfs_super.c:122\n legacy_get_tree+0x114/0x290 fs/fs_context.c:662\n vfs_get_tree+0xa7/0x570 fs/super.c:1797\n do_new_mount+0x71f/0x15e0 fs/namespace.c:3352\n path_mount+0x742/0x1f20 fs/namespace.c:3679\n do_mount fs/namespace.c:3692 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x725/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x150 fs/namespace.c:3875\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nIf p9_check_errors() fails early in p9_client_rpc(), req->rc.tag\nwill not be properly initialized. However, trace_9p_client_res()\nends up trying to print it out anyway before p9_client_rpc()\nfinishes.\n\nFix this issue by assigning default values to p9_fcall fields\nsuch as 'tag' and (just in case KMSAN unearths something new) 'id'\nduring the tag allocation stage.",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":5.5,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-39301"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-39362",
|
|
"notes":[
|
|
{
|
|
"text":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":5.5,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-39362"
|
|
},
|
|
{
|
|
"cve":"CVE-2024-39467",
|
|
"notes":[
|
|
{
|
|
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()\n\nsyzbot reports a kernel bug as below:\n\nF2FS-fs (loop0): Mounted with checkpoint version = 48b305e4\n==================================================================\nBUG: KASAN: slab-out-of-bounds in f2fs_test_bit fs/f2fs/f2fs.h:2933 [inline]\nBUG: KASAN: slab-out-of-bounds in current_nat_addr fs/f2fs/node.h:213 [inline]\nBUG: KASAN: slab-out-of-bounds in f2fs_get_node_info+0xece/0x1200 fs/f2fs/node.c:600\nRead of size 1 at addr ffff88807a58c76c by task syz-executor280/5076\n\nCPU: 1 PID: 5076 Comm: syz-executor280 Not tainted 6.9.0-rc5-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n f2fs_test_bit fs/f2fs/f2fs.h:2933 [inline]\n current_nat_addr fs/f2fs/node.h:213 [inline]\n f2fs_get_node_info+0xece/0x1200 fs/f2fs/node.c:600\n f2fs_xattr_fiemap fs/f2fs/data.c:1848 [inline]\n f2fs_fiemap+0x55d/0x1ee0 fs/f2fs/data.c:1925\n ioctl_fiemap fs/ioctl.c:220 [inline]\n do_vfs_ioctl+0x1c07/0x2e50 fs/ioctl.c:838\n __do_sys_ioctl fs/ioctl.c:902 [inline]\n __se_sys_ioctl+0x81/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe root cause is we missed to do sanity check on i_xattr_nid during\nf2fs_iget(), so that in fiemap() path, current_nat_addr() will access\nnat_bitmap w/ offset from invalid i_xattr_nid, result in triggering\nkasan bug report, fix it.",
|
|
"category":"description",
|
|
"title":"Vulnerability Description"
|
|
}
|
|
],
|
|
"product_status":{
|
|
"fixed":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
},
|
|
"remediations":[
|
|
{
|
|
"product_ids":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
],
|
|
"details":"kernel security update",
|
|
"category":"vendor_fix",
|
|
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1839"
|
|
}
|
|
],
|
|
"scores":[
|
|
{
|
|
"cvss_v3":{
|
|
"baseSeverity":"MEDIUM",
|
|
"baseScore":5.5,
|
|
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"version":"3.1"
|
|
},
|
|
"products":[
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.x86_64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-218.0.0.121.oe2203sp3.aarch64",
|
|
"openEuler-22.03-LTS-SP3:kernel-5.10.0-218.0.0.121.oe2203sp3.src"
|
|
]
|
|
}
|
|
],
|
|
"threats":[
|
|
{
|
|
"details":"Medium",
|
|
"category":"impact"
|
|
}
|
|
],
|
|
"title":"CVE-2024-39467"
|
|
}
|
|
]
|
|
} |