jiachao2130/csaf2cusa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5cde716b34
csaf2cusa/csaf/advisories/2024/csaf-openEuler-SA-2024-1863.json
Jia Chao 6669e5b3b8 修改,适用 csaf 
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-07-24 15:38:55 +08:00

5548 lines
352 KiB
JSON
Raw Blame History

{
"document":{
"aggregate_severity":{
"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
"text":"Critical"
},
"category":"csaf_vex",
"csaf_version":"2.0",
"distribution":{
"tlp":{
"label":"WHITE",
"url":"https:/www.first.org/tlp/"
}
},
"lang":"en",
"notes":[
{
"text":"kernel security update",
"category":"general",
"title":"Synopsis"
},
{
"text":"An update for kernel is now available for openEuler-24.03-LTS",
"category":"general",
"title":"Summary"
},
{
"text":"The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nrtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation\n\nEach attribute inside a nested IFLA_VF_VLAN_LIST is assumed to be a\nstruct ifla_vf_vlan_info so the size of such attribute needs to be at least\nof sizeof(struct ifla_vf_vlan_info) which is 14 bytes.\nThe current size validation in do_setvfinfo is against NLA_HDRLEN (4 bytes)\nwhich is less than sizeof(struct ifla_vf_vlan_info) so this validation\nis not enough and a too small attribute might be cast to a\nstruct ifla_vf_vlan_info, this might result in an out of bands\nread access when accessing the saved (casted) entry in ivvl.(CVE-2024-36017)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnull_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'\n\nWriting 'power' and 'submit_queues' concurrently will trigger kernel\npanic:\n\nTest script:\n\nmodprobe null_blk nr_devices=0\nmkdir -p /sys/kernel/config/nullb/nullb0\nwhile true; do echo 1 > submit_queues; echo 4 > submit_queues; done &\nwhile true; do echo 1 > power; echo 0 > power; done\n\nTest result:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000148\nOops: 0000 [#1] PREEMPT SMP\nRIP: 0010:__lock_acquire+0x41d/0x28f0\nCall Trace:\n <TASK>\n lock_acquire+0x121/0x450\n down_write+0x5f/0x1d0\n simple_recursive_removal+0x12f/0x5c0\n blk_mq_debugfs_unregister_hctxs+0x7c/0x100\n blk_mq_update_nr_hw_queues+0x4a3/0x720\n nullb_update_nr_hw_queues+0x71/0xf0 [null_blk]\n nullb_device_submit_queues_store+0x79/0xf0 [null_blk]\n configfs_write_iter+0x119/0x1e0\n vfs_write+0x326/0x730\n ksys_write+0x74/0x150\n\nThis is because del_gendisk() can concurrent with\nblk_mq_update_nr_hw_queues():\n\nnullb_device_power_store\tnullb_apply_submit_queues\n null_del_dev\n del_gendisk\n\t\t\t\t nullb_update_nr_hw_queues\n\t\t\t\t if (!dev->nullb)\n\t\t\t\t // still set while gendisk is deleted\n\t\t\t\t return 0\n\t\t\t\t blk_mq_update_nr_hw_queues\n dev->nullb = NULL\n\nFix this problem by resuing the global mutex to protect\nnullb_device_power_store() and nullb_update_nr_hw_queues() from configfs.(CVE-2024-36478)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ntracing/probes: fix error check in parse_btf_field()\n\nbtf_find_struct_member() might return NULL or an error via the\nERR_PTR() macro. However, its caller in parse_btf_field() only checks\nfor the NULL condition. Fix this by using IS_ERR() and returning the\nerror up the stack.(CVE-2024-36481)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()\n\nlpfc_worker_wake_up() calls the lpfc_work_done() routine, which takes the\nhbalock. Thus, lpfc_worker_wake_up() should not be called while holding the\nhbalock to avoid potential deadlock.(CVE-2024-36924)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: core: reject skb_copy(_expand) for fraglist GSO skbs\n\nSKB_GSO_FRAGLIST skbs must not be linearized, otherwise they become\ninvalid. Return NULL if such an skb is passed to skb_copy or\nskb_copy_expand, in order to prevent a crash on a potential later\ncall to skb_gso_segment.(CVE-2024-36929)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ns390/cio: Ensure the copied buf is NUL terminated\n\nCurrently, we allocate a lbuf-sized kernel buffer and copy lbuf from\nuserspace to that buffer. Later, we use scanf on this buffer but we don't\nensure that the string is terminated inside the buffer, this can lead to\nOOB read when using scanf. Fix this issue by using memdup_user_nul instead.(CVE-2024-36931)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: range check cp bad op exception interrupts\n\nDue to a CP interrupt bug, bad packet garbage exception codes are raised.\nDo a range check so that the debugger and runtime do not receive garbage\ncodes.\nUpdate the user api to guard exception code type checking as well.(CVE-2024-36951)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: fix list corruption from reorder of WRITE ->lqueued\n\n__blkcg_rstat_flush() can be run anytime, especially when blk_cgroup_bio_start\nis being executed.\n\nIf WRITE of `->lqueued` is re-ordered with READ of 'bisc->lnode.next' in\nthe loop of __blkcg_rstat_flush(), `next_bisc` can be assigned with one\nstat instance being added in blk_cgroup_bio_start(), then the local\nlist in __blkcg_rstat_flush() could be corrupted.\n\nFix the issue by adding one barrier.(CVE-2024-38384)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix overwriting ct original tuple for ICMPv6\n\nOVS_PACKET_CMD_EXECUTE has 3 main attributes:\n - OVS_PACKET_ATTR_KEY - Packet metadata in a netlink format.\n - OVS_PACKET_ATTR_PACKET - Binary packet content.\n - OVS_PACKET_ATTR_ACTIONS - Actions to execute on the packet.\n\nOVS_PACKET_ATTR_KEY is parsed first to populate sw_flow_key structure\nwith the metadata like conntrack state, input port, recirculation id,\netc. Then the packet itself gets parsed to populate the rest of the\nkeys from the packet headers.\n\nWhenever the packet parsing code starts parsing the ICMPv6 header, it\nfirst zeroes out fields in the key corresponding to Neighbor Discovery\ninformation even if it is not an ND packet.\n\nIt is an 'ipv6.nd' field. However, the 'ipv6' is a union that shares\nthe space between 'nd' and 'ct_orig' that holds the original tuple\nconntrack metadata parsed from the OVS_PACKET_ATTR_KEY.\n\nND packets should not normally have conntrack state, so it's fine to\nshare the space, but normal ICMPv6 Echo packets or maybe other types of\nICMPv6 can have the state attached and it should not be overwritten.\n\nThe issue results in all but the last 4 bytes of the destination\naddress being wiped from the original conntrack tuple leading to\nincorrect packet matching and potentially executing wrong actions\nin case this packet recirculates within the datapath or goes back\nto userspace.\n\nND fields should not be accessed in non-ND packets, so not clearing\nthem should be fine. Executing memset() only for actual ND packets to\navoid the issue.\n\nInitializing the whole thing before parsing is needed because ND packet\nmay not contain all the options.\n\nThe issue only affects the OVS_PACKET_CMD_EXECUTE path and doesn't\naffect packets entering OVS datapath from network interfaces, because\nin this case CT metadata is populated from skb after the packet is\nalready parsed.(CVE-2024-38558)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix potential glock use-after-free on unmount\n\nWhen a DLM lockspace is released and there ares still locks in that\nlockspace, DLM will unlock those locks automatically. Commit\nfb6791d100d1b started exploiting this behavior to speed up filesystem\nunmount: gfs2 would simply free glocks it didn't want to unlock and then\nrelease the lockspace. This didn't take the bast callbacks for\nasynchronous lock contention notifications into account, which remain\nactive until until a lock is unlocked or its lockspace is released.\n\nTo prevent those callbacks from accessing deallocated objects, put the\nglocks that should not be unlocked on the sd_dead_glocks list, release\nthe lockspace, and only then free those glocks.\n\nAs an additional measure, ignore unexpected ast and bast callbacks if\nthe receiving glock is dead.(CVE-2024-38570)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/mes: fix use-after-free issue\n\nDelete fence fallback timer to fix the ramdom\nuse-after-free issue.\n\nv2: move to amdgpu_mes.c(CVE-2024-38581)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix use-after-free of timer for log writer thread\n\nPatch series \"nilfs2: fix log writer related issues\".\n\nThis bug fix series covers three nilfs2 log writer-related issues,\nincluding a timer use-after-free issue and potential deadlock issue on\nunmount, and a potential freeze issue in event synchronization found\nduring their analysis. Details are described in each commit log.\n\n\nThis patch (of 3):\n\nA use-after-free issue has been reported regarding the timer sc_timer on\nthe nilfs_sc_info structure.\n\nThe problem is that even though it is used to wake up a sleeping log\nwriter thread, sc_timer is not shut down until the nilfs_sc_info structure\nis about to be freed, and is used regardless of the thread's lifetime.\n\nFix this issue by limiting the use of sc_timer only while the log writer\nthread is alive.(CVE-2024-38583)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nr8169: Fix possible ring buffer corruption on fragmented Tx packets.\n\nAn issue was found on the RTL8125b when transmitting small fragmented\npackets, whereby invalid entries were inserted into the transmit ring\nbuffer, subsequently leading to calls to dma_unmap_single() with a null\naddress.\n\nThis was caused by rtl8169_start_xmit() not noticing changes to nr_frags\nwhich may occur when small packets are padded (to work around hardware\nquirks) in rtl8169_tso_csum_v2().\n\nTo fix this, postpone inspecting nr_frags until after any padding has been\napplied.(CVE-2024-38586)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nopenrisc: traps: Don't send signals to kernel mode threads\n\nOpenRISC exception handling sends signals to user processes on floating\npoint exceptions and trap instructions (for debugging) among others.\nThere is a bug where the trap handling logic may send signals to kernel\nthreads, we should not send these signals to kernel threads, if that\nhappens we treat it as an error.\n\nThis patch adds conditions to die if the kernel receives these\nexceptions in kernel mode code.(CVE-2024-38614)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: HCI: Remove HCI_AMP support\n\nSince BT_HS has been remove HCI_AMP controllers no longer has any use so\nremove it along with the capability of creating AMP controllers.\n\nSince we no longer need to differentiate between AMP and Primary\ncontrollers, as only HCI_PRIMARY is left, this also remove\nhdev->dev_type altogether.(CVE-2024-38620)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: fix potential memory leak in vfio_intx_enable()\n\nIf vfio_irq_ctx_alloc() failed will lead to 'name' memory leak.(CVE-2024-38632)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ns390/ap: Fix crash in AP internal function modify_bitmap()\n\nA system crash like this\n\n Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403\n Fault in home space mode while using kernel ASCE.\n AS:00000002d71bc007 R3:00000003fe5b8007 S:000000011a446000 P:000000015660c13d\n Oops: 0038 ilc:3 [#1] PREEMPT SMP\n Modules linked in: mlx5_ib ...\n CPU: 8 PID: 7556 Comm: bash Not tainted 6.9.0-rc7 #8\n Hardware name: IBM 3931 A01 704 (LPAR)\n Krnl PSW : 0704e00180000000 0000014b75e7b606 (ap_parse_bitmap_str+0x10e/0x1f8)\n R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3\n Krnl GPRS: 0000000000000001 ffffffffffffffc0 0000000000000001 00000048f96b75d3\n 000000cb00000100 ffffffffffffffff ffffffffffffffff 000000cb7df6fce0\n 000000cb7df6fce0 00000000ffffffff 000000000000002b 00000048ffffffff\n 000003ff9b2dbc80 200000cb7df6fcd8 0000014bffffffc0 000000cb7df6fbc8\n Krnl Code: 0000014b75e7b5fc: a7840047 brc 8,0000014b75e7b68a\n 0000014b75e7b600: 18b2 lr %r11,%r2\n #0000014b75e7b602: a7f4000a brc 15,0000014b75e7b616\n >0000014b75e7b606: eb22d00000e6 laog %r2,%r2,0(%r13)\n 0000014b75e7b60c: a7680001 lhi %r6,1\n 0000014b75e7b610: 187b lr %r7,%r11\n 0000014b75e7b612: 84960021 brxh %r9,%r6,0000014b75e7b654\n 0000014b75e7b616: 18e9 lr %r14,%r9\n Call Trace:\n [<0000014b75e7b606>] ap_parse_bitmap_str+0x10e/0x1f8\n ([<0000014b75e7b5dc>] ap_parse_bitmap_str+0xe4/0x1f8)\n [<0000014b75e7b758>] apmask_store+0x68/0x140\n [<0000014b75679196>] kernfs_fop_write_iter+0x14e/0x1e8\n [<0000014b75598524>] vfs_write+0x1b4/0x448\n [<0000014b7559894c>] ksys_write+0x74/0x100\n [<0000014b7618a440>] __do_syscall+0x268/0x328\n [<0000014b761a3558>] system_call+0x70/0x98\n INFO: lockdep is turned off.\n Last Breaking-Event-Address:\n [<0000014b75e7b636>] ap_parse_bitmap_str+0x13e/0x1f8\n Kernel panic - not syncing: Fatal exception: panic_on_oops\n\noccured when /sys/bus/ap/a[pq]mask was updated with a relative mask value\n(like +0x10-0x12,+60,-90) with one of the numeric values exceeding INT_MAX.\n\nThe fix is simple: use unsigned long values for the internal variables. The\ncorrect checks are already in place in the function but a simple int for\nthe internal variables was used with the possibility to overflow.(CVE-2024-38661)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nclk: bcm: dvp: Assign ->num before accessing ->hws\n\nCommit f316cdff8d67 (\"clk: Annotate struct clk_hw_onecell_data with\n__counted_by\") annotated the hws member of 'struct clk_hw_onecell_data'\nwith __counted_by, which informs the bounds sanitizer about the number\nof elements in hws, so that it can warn when hws is accessed out of\nbounds. As noted in that change, the __counted_by member must be\ninitialized with the number of elements before the first array access\nhappens, otherwise there will be a warning from each access prior to the\ninitialization because the number of elements is zero. This occurs in\nclk_dvp_probe() due to ->num being assigned after ->hws has been\naccessed:\n\n UBSAN: array-index-out-of-bounds in drivers/clk/bcm/clk-bcm2711-dvp.c:59:2\n index 0 is out of range for type 'struct clk_hw *[] __counted_by(num)' (aka 'struct clk_hw *[]')\n\nMove the ->num initialization to before the first access of ->hws, which\nclears up the warning.(CVE-2024-39462)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l: async: Fix notifier list entry init\n\nstruct v4l2_async_notifier has several list_head members, but only\nwaiting_list and done_list are initialized. notifier_entry was kept\n'zeroed' leading to an uninitialized list_head.\nThis results in a NULL-pointer dereference if csi2_async_register() fails,\ne.g. node for remote endpoint is disabled, and returns -ENOTCONN.\nThe following calls to v4l2_async_nf_unregister() results in a NULL\npointer dereference.\nAdd the missing list head initializer.(CVE-2024-39464)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: starfive - Do not free stack buffer\n\nRSA text data uses variable length buffer allocated in software stack.\nCalling kfree on it causes undefined behaviour in subsequent operations.(CVE-2024-39478)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/hwmon: Get rid of devm\n\nWhen both hwmon and hwmon drvdata (on which hwmon depends) are device\nmanaged resources, the expectation, on device unbind, is that hwmon will be\nreleased before drvdata. However, in i915 there are two separate code\npaths, which both release either drvdata or hwmon and either can be\nreleased before the other. These code paths (for device unbind) are as\nfollows (see also the bug referenced below):\n\nCall Trace:\nrelease_nodes+0x11/0x70\ndevres_release_group+0xb2/0x110\ncomponent_unbind_all+0x8d/0xa0\ncomponent_del+0xa5/0x140\nintel_pxp_tee_component_fini+0x29/0x40 [i915]\nintel_pxp_fini+0x33/0x80 [i915]\ni915_driver_remove+0x4c/0x120 [i915]\ni915_pci_remove+0x19/0x30 [i915]\npci_device_remove+0x32/0xa0\ndevice_release_driver_internal+0x19c/0x200\nunbind_store+0x9c/0xb0\n\nand\n\nCall Trace:\nrelease_nodes+0x11/0x70\ndevres_release_all+0x8a/0xc0\ndevice_unbind_cleanup+0x9/0x70\ndevice_release_driver_internal+0x1c1/0x200\nunbind_store+0x9c/0xb0\n\nThis means that in i915, if use devm, we cannot gurantee that hwmon will\nalways be released before drvdata. Which means that we have a uaf if hwmon\nsysfs is accessed when drvdata has been released but hwmon hasn't.\n\nThe only way out of this seems to be do get rid of devm_ and release/free\neverything explicitly during device unbind.\n\nv2: Change commit message and other minor code changes\nv3: Cleanup from i915_hwmon_register on error (Armin Wolf)\nv4: Eliminate potential static analyzer warning (Rodrigo)\n Eliminate fetch_and_zero (Jani)\nv5: Restore previous logic for ddat_gt->hwmon_dev error return (Andi)(CVE-2024-39479)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nkdb: Fix buffer overflow during tab-complete\n\nCurrently, when the user attempts symbol completion with the Tab key, kdb\nwill use strncpy() to insert the completed symbol into the command buffer.\nUnfortunately it passes the size of the source buffer rather than the\ndestination to strncpy() with predictably horrible results. Most obviously\nif the command buffer is already full but cp, the cursor position, is in\nthe middle of the buffer, then we will write past the end of the supplied\nbuffer.\n\nFix this by replacing the dubious strncpy() calls with memmove()/memcpy()\ncalls plus explicit boundary checks to make sure we have enough space\nbefore we start moving characters around.(CVE-2024-39480)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nbonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()\n\nIn function bond_option_arp_ip_targets_set(), if newval->string is an\nempty string, newval->string+1 will point to the byte after the\nstring, causing an out-of-bound read.\n\nBUG: KASAN: slab-out-of-bounds in strlen+0x7d/0xa0 lib/string.c:418\nRead of size 1 at addr ffff8881119c4781 by task syz-executor665/8107\nCPU: 1 PID: 8107 Comm: syz-executor665 Not tainted 6.7.0-rc7 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:364 [inline]\n print_report+0xc1/0x5e0 mm/kasan/report.c:475\n kasan_report+0xbe/0xf0 mm/kasan/report.c:588\n strlen+0x7d/0xa0 lib/string.c:418\n __fortify_strlen include/linux/fortify-string.h:210 [inline]\n in4_pton+0xa3/0x3f0 net/core/utils.c:130\n bond_option_arp_ip_targets_set+0xc2/0x910\ndrivers/net/bonding/bond_options.c:1201\n __bond_opt_set+0x2a4/0x1030 drivers/net/bonding/bond_options.c:767\n __bond_opt_set_notify+0x48/0x150 drivers/net/bonding/bond_options.c:792\n bond_opt_tryset_rtnl+0xda/0x160 drivers/net/bonding/bond_options.c:817\n bonding_sysfs_store_option+0xa1/0x120 drivers/net/bonding/bond_sysfs.c:156\n dev_attr_store+0x54/0x80 drivers/base/core.c:2366\n sysfs_kf_write+0x114/0x170 fs/sysfs/file.c:136\n kernfs_fop_write_iter+0x337/0x500 fs/kernfs/file.c:334\n call_write_iter include/linux/fs.h:2020 [inline]\n new_sync_write fs/read_write.c:491 [inline]\n vfs_write+0x96a/0xd80 fs/read_write.c:584\n ksys_write+0x122/0x250 fs/read_write.c:637\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n---[ end trace ]---\n\nFix it by adding a check of string length before using it.(CVE-2024-39487)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\narm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY\n\nWhen CONFIG_DEBUG_BUGVERBOSE=n, we fail to add necessary padding bytes\nto bug_table entries, and as a result the last entry in a bug table will\nbe ignored, potentially leading to an unexpected panic(). All prior\nentries in the table will be handled correctly.\n\nThe arm64 ABI requires that struct fields of up to 8 bytes are\nnaturally-aligned, with padding added within a struct such that struct\nare suitably aligned within arrays.\n\nWhen CONFIG_DEBUG_BUGVERPOSE=y, the layout of a bug_entry is:\n\n\tstruct bug_entry {\n\t\tsigned int bug_addr_disp;\t// 4 bytes\n\t\tsigned int file_disp;\t// 4 bytes\n\t\tunsigned short line;\t\t// 2 bytes\n\t\tunsigned short flags;\t\t// 2 bytes\n\t}\n\n... with 12 bytes total, requiring 4-byte alignment.\n\nWhen CONFIG_DEBUG_BUGVERBOSE=n, the layout of a bug_entry is:\n\n\tstruct bug_entry {\n\t\tsigned int bug_addr_disp;\t// 4 bytes\n\t\tunsigned short flags;\t\t// 2 bytes\n\t\t< implicit padding >\t\t// 2 bytes\n\t}\n\n... with 8 bytes total, with 6 bytes of data and 2 bytes of trailing\npadding, requiring 4-byte alginment.\n\nWhen we create a bug_entry in assembly, we align the start of the entry\nto 4 bytes, which implicitly handles padding for any prior entries.\nHowever, we do not align the end of the entry, and so when\nCONFIG_DEBUG_BUGVERBOSE=n, the final entry lacks the trailing padding\nbytes.\n\nFor the main kernel image this is not a problem as find_bug() doesn't\ndepend on the trailing padding bytes when searching for entries:\n\n\tfor (bug = __start___bug_table; bug < __stop___bug_table; ++bug)\n\t\tif (bugaddr == bug_addr(bug))\n\t\t\treturn bug;\n\nHowever for modules, module_bug_finalize() depends on the trailing\nbytes when calculating the number of entries:\n\n\tmod->num_bugs = sechdrs[i].sh_size / sizeof(struct bug_entry);\n\n... and as the last bug_entry lacks the necessary padding bytes, this entry\nwill not be counted, e.g. in the case of a single entry:\n\n\tsechdrs[i].sh_size == 6\n\tsizeof(struct bug_entry) == 8;\n\n\tsechdrs[i].sh_size / sizeof(struct bug_entry) == 0;\n\nConsequently module_find_bug() will miss the last bug_entry when it does:\n\n\tfor (i = 0; i < mod->num_bugs; ++i, ++bug)\n\t\tif (bugaddr == bug_addr(bug))\n\t\t\tgoto out;\n\n... which can lead to a kenrel panic due to an unhandled bug.\n\nThis can be demonstrated with the following module:\n\n\tstatic int __init buginit(void)\n\t{\n\t\tWARN(1, \"hello\\n\");\n\t\treturn 0;\n\t}\n\n\tstatic void __exit bugexit(void)\n\t{\n\t}\n\n\tmodule_init(buginit);\n\tmodule_exit(bugexit);\n\tMODULE_LICENSE(\"GPL\");\n\n... which will trigger a kernel panic when loaded:\n\n\t------------[ cut here ]------------\n\thello\n\tUnexpected kernel BRK exception at EL1\n\tInternal error: BRK handler: 00000000f2000800 [#1] PREEMPT SMP\n\tModules linked in: hello(O+)\n\tCPU: 0 PID: 50 Comm: insmod Tainted: G O 6.9.1 #8\n\tHardware name: linux,dummy-virt (DT)\n\tpstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n\tpc : buginit+0x18/0x1000 [hello]\n\tlr : buginit+0x18/0x1000 [hello]\n\tsp : ffff800080533ae0\n\tx29: ffff800080533ae0 x28: 0000000000000000 x27: 0000000000000000\n\tx26: ffffaba8c4e70510 x25: ffff800080533c30 x24: ffffaba8c4a28a58\n\tx23: 0000000000000000 x22: 0000000000000000 x21: ffff3947c0eab3c0\n\tx20: ffffaba8c4e3f000 x19: ffffaba846464000 x18: 0000000000000006\n\tx17: 0000000000000000 x16: ffffaba8c2492834 x15: 0720072007200720\n\tx14: 0720072007200720 x13: ffffaba8c49b27c8 x12: 0000000000000312\n\tx11: 0000000000000106 x10: ffffaba8c4a0a7c8 x9 : ffffaba8c49b27c8\n\tx8 : 00000000ffffefff x7 : ffffaba8c4a0a7c8 x6 : 80000000fffff000\n\tx5 : 0000000000000107 x4 : 0000000000000000 x3 : 0000000000000000\n\tx2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff3947c0eab3c0\n\tCall trace:\n\t buginit+0x18/0x1000 [hello]\n\t do_one_initcall+0x80/0x1c8\n\t do_init_module+0x60/0x218\n\t load_module+0x1ba4/0x1d70\n\t __do_sys_init_module+0x198/0x1d0\n\t __arm64_sys_init_module+0x1c/0x28\n\t invoke_syscall+0x48/0x114\n\t el0_svc\n---truncated---(CVE-2024-39488)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: fix memleak in seg6_hmac_init_algo\n\nseg6_hmac_init_algo returns without cleaning up the previous allocations\nif one fails, so it's going to leak all that memory and the crypto tfms.\n\nUpdate seg6_hmac_exit to only free the memory when allocated, so we can\nreuse the code directly.(CVE-2024-39489)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nsock_map: avoid race between sock_map_close and sk_psock_put\n\nsk_psock_get will return NULL if the refcount of psock has gone to 0, which\nwill happen when the last call of sk_psock_put is done. However,\nsk_psock_drop may not have finished yet, so the close callback will still\npoint to sock_map_close despite psock being NULL.\n\nThis can be reproduced with a thread deleting an element from the sock map,\nwhile the second one creates a socket, adds it to the map and closes it.\n\nThat will trigger the WARN_ON_ONCE:\n\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 7220 at net/core/sock_map.c:1701 sock_map_close+0x2a2/0x2d0 net/core/sock_map.c:1701\nModules linked in:\nCPU: 1 PID: 7220 Comm: syz-executor380 Not tainted 6.9.0-syzkaller-07726-g3c999d1ae3c7 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nRIP: 0010:sock_map_close+0x2a2/0x2d0 net/core/sock_map.c:1701\nCode: df e8 92 29 88 f8 48 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 79 29 88 f8 4c 8b 23 eb 89 e8 4f 15 23 f8 90 <0f> 0b 90 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d e9 13 26 3d 02\nRSP: 0018:ffffc9000441fda8 EFLAGS: 00010293\nRAX: ffffffff89731ae1 RBX: ffffffff94b87540 RCX: ffff888029470000\nRDX: 0000000000000000 RSI: ffffffff8bcab5c0 RDI: ffffffff8c1faba0\nRBP: 0000000000000000 R08: ffffffff92f9b61f R09: 1ffffffff25f36c3\nR10: dffffc0000000000 R11: fffffbfff25f36c4 R12: ffffffff89731840\nR13: ffff88804b587000 R14: ffff88804b587000 R15: ffffffff89731870\nFS: 000055555e080380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000000 CR3: 00000000207d4000 CR4: 0000000000350ef0\nCall Trace:\n <TASK>\n unix_release+0x87/0xc0 net/unix/af_unix.c:1048\n __sock_release net/socket.c:659 [inline]\n sock_close+0xbe/0x240 net/socket.c:1421\n __fput+0x42b/0x8a0 fs/file_table.c:422\n __do_sys_close fs/open.c:1556 [inline]\n __se_sys_close fs/open.c:1541 [inline]\n __x64_sys_close+0x7f/0x110 fs/open.c:1541\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fb37d618070\nCode: 00 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d4 e8 10 2c 00 00 80 3d 31 f0 07 00 00 74 17 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c\nRSP: 002b:00007ffcd4a525d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000003\nRAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fb37d618070\nRDX: 0000000000000010 RSI: 00000000200001c0 RDI: 0000000000000004\nRBP: 0000000000000000 R08: 0000000100000000 R09: 0000000100000000\nR10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n </TASK>\n\nUse sk_psock, which will only check that the pointer is not been set to\nNULL yet, which should only happen after the callbacks are restored. If,\nthen, a reference can still be gotten, we may call sk_psock_stop and cancel\npsock->work.\n\nAs suggested by Paolo Abeni, reorder the condition so the control flow is\nless convoluted.\n\nAfter that change, the reproducer does not trigger the WARN_ON_ONCE\nanymore.(CVE-2024-39500)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nionic: fix use after netif_napi_del()\n\nWhen queues are started, netif_napi_add() and napi_enable() are called.\nIf there are 4 queues and only 3 queues are used for the current\nconfiguration, only 3 queues' napi should be registered and enabled.\nThe ionic_qcq_enable() checks whether the .poll pointer is not NULL for\nenabling only the using queue' napi. Unused queues' napi will not be\nregistered by netif_napi_add(), so the .poll pointer indicates NULL.\nBut it couldn't distinguish whether the napi was unregistered or not\nbecause netif_napi_del() doesn't reset the .poll pointer to NULL.\nSo, ionic_qcq_enable() calls napi_enable() for the queue, which was\nunregistered by netif_napi_del().\n\nReproducer:\n ethtool -L <interface name> rx 1 tx 1 combined 0\n ethtool -L <interface name> rx 0 tx 0 combined 1\n ethtool -L <interface name> rx 0 tx 0 combined 4\n\nSplat looks like:\nkernel BUG at net/core/dev.c:6666!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 3 PID: 1057 Comm: kworker/3:3 Not tainted 6.10.0-rc2+ #16\nWorkqueue: events ionic_lif_deferred_work [ionic]\nRIP: 0010:napi_enable+0x3b/0x40\nCode: 48 89 c2 48 83 e2 f6 80 b9 61 09 00 00 00 74 0d 48 83 bf 60 01 00 00 00 74 03 80 ce 01 f0 4f\nRSP: 0018:ffffb6ed83227d48 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff97560cda0828 RCX: 0000000000000029\nRDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff97560cda0a28\nRBP: ffffb6ed83227d50 R08: 0000000000000400 R09: 0000000000000001\nR10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000\nR13: ffff97560ce3c1a0 R14: 0000000000000000 R15: ffff975613ba0a20\nFS: 0000000000000000(0000) GS:ffff975d5f780000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8f734ee200 CR3: 0000000103e50000 CR4: 00000000007506f0\nPKRU: 55555554\nCall Trace:\n <TASK>\n ? die+0x33/0x90\n ? do_trap+0xd9/0x100\n ? napi_enable+0x3b/0x40\n ? do_error_trap+0x83/0xb0\n ? napi_enable+0x3b/0x40\n ? napi_enable+0x3b/0x40\n ? exc_invalid_op+0x4e/0x70\n ? napi_enable+0x3b/0x40\n ? asm_exc_invalid_op+0x16/0x20\n ? napi_enable+0x3b/0x40\n ionic_qcq_enable+0xb7/0x180 [ionic 59bdfc8a035436e1c4224ff7d10789e3f14643f8]\n ionic_start_queues+0xc4/0x290 [ionic 59bdfc8a035436e1c4224ff7d10789e3f14643f8]\n ionic_link_status_check+0x11c/0x170 [ionic 59bdfc8a035436e1c4224ff7d10789e3f14643f8]\n ionic_lif_deferred_work+0x129/0x280 [ionic 59bdfc8a035436e1c4224ff7d10789e3f14643f8]\n process_one_work+0x145/0x360\n worker_thread+0x2bb/0x3d0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xcc/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2d/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30(CVE-2024-39502)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible race in __fib6_drop_pcpu_from()\n\nsyzbot found a race in __fib6_drop_pcpu_from() [1]\n\nIf compiler reads more than once (*ppcpu_rt),\nsecond read could read NULL, if another cpu clears\nthe value in rt6_get_pcpu_route().\n\nAdd a READ_ONCE() to prevent this race.\n\nAlso add rcu_read_lock()/rcu_read_unlock() because\nwe rely on RCU protection while dereferencing pcpu_rt.\n\n[1]\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097]\nCPU: 0 PID: 7543 Comm: kworker/u8:17 Not tainted 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nWorkqueue: netns cleanup_net\n RIP: 0010:__fib6_drop_pcpu_from.part.0+0x10a/0x370 net/ipv6/ip6_fib.c:984\nCode: f8 48 c1 e8 03 80 3c 28 00 0f 85 16 02 00 00 4d 8b 3f 4d 85 ff 74 31 e8 74 a7 fa f7 49 8d bf 90 00 00 00 48 89 f8 48 c1 e8 03 <80> 3c 28 00 0f 85 1e 02 00 00 49 8b 87 90 00 00 00 48 8b 0c 24 48\nRSP: 0018:ffffc900040df070 EFLAGS: 00010206\nRAX: 0000000000000012 RBX: 0000000000000001 RCX: ffffffff89932e16\nRDX: ffff888049dd1e00 RSI: ffffffff89932d7c RDI: 0000000000000091\nRBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000007\nR10: 0000000000000001 R11: 0000000000000006 R12: ffff88807fa080b8\nR13: fffffbfff1a9a07d R14: ffffed100ff41022 R15: 0000000000000001\nFS: 0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b32c26000 CR3: 000000005d56e000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n __fib6_drop_pcpu_from net/ipv6/ip6_fib.c:966 [inline]\n fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1027 [inline]\n fib6_purge_rt+0x7f2/0x9f0 net/ipv6/ip6_fib.c:1038\n fib6_del_route net/ipv6/ip6_fib.c:1998 [inline]\n fib6_del+0xa70/0x17b0 net/ipv6/ip6_fib.c:2043\n fib6_clean_node+0x426/0x5b0 net/ipv6/ip6_fib.c:2205\n fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2127\n fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2175\n fib6_clean_tree+0xd7/0x120 net/ipv6/ip6_fib.c:2255\n __fib6_clean_all+0x100/0x2d0 net/ipv6/ip6_fib.c:2271\n rt6_sync_down_dev net/ipv6/route.c:4906 [inline]\n rt6_disable_ip+0x7ed/0xa00 net/ipv6/route.c:4911\n addrconf_ifdown.isra.0+0x117/0x1b40 net/ipv6/addrconf.c:3855\n addrconf_notify+0x223/0x19e0 net/ipv6/addrconf.c:3778\n notifier_call_chain+0xb9/0x410 kernel/notifier.c:93\n call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1992\n call_netdevice_notifiers_extack net/core/dev.c:2030 [inline]\n call_netdevice_notifiers net/core/dev.c:2044 [inline]\n dev_close_many+0x333/0x6a0 net/core/dev.c:1585\n unregister_netdevice_many_notify+0x46d/0x19f0 net/core/dev.c:11193\n unregister_netdevice_many net/core/dev.c:11276 [inline]\n default_device_exit_batch+0x85b/0xae0 net/core/dev.c:11759\n ops_exit_list+0x128/0x180 net/core/net_namespace.c:178\n cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244(CVE-2024-40905)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: ensure snd_una is properly initialized on connect\n\nThis is strictly related to commit fb7a0d334894 (\"mptcp: ensure snd_nxt\nis properly initialized on connect\"). It turns out that syzkaller can\ntrigger the retransmit after fallback and before processing any other\nincoming packet - so that snd_una is still left uninitialized.\n\nAddress the issue explicitly initializing snd_una together with snd_nxt\nand write_seq.(CVE-2024-40931)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nHID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode()\n\nFix a memory leak on logi_dj_recv_send_report() error path.(CVE-2024-40934)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: cs35l41: Possible null pointer dereference in cs35l41_hda_unbind()\n\nThe cs35l41_hda_unbind() function clears the hda_component entry\nmatching it's index and then dereferences the codec pointer held in the\nfirst element of the hda_component array, this is an issue when the\ndevice index was 0.\n\nInstead use the codec pointer stashed in the cs35l41_hda structure as it\nwill still be valid.(CVE-2024-40964)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: remove clear SB_INLINECRYPT flag in default_options\n\nIn f2fs_remount, SB_INLINECRYPT flag will be clear and re-set.\nIf create new file or open file during this gap, these files\nwill not use inlinecrypt. Worse case, it may lead to data\ncorruption if wrappedkey_v0 is enable.\n\nThread A: Thread B:\n\n-f2fs_remount\t\t\t\t-f2fs_file_open or f2fs_new_inode\n -default_options\n\t<- clear SB_INLINECRYPT flag\n\n -fscrypt_select_encryption_impl\n\n -parse_options\n\t<- set SB_INLINECRYPT again(CVE-2024-40971)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate: fix memory leak on CPU EPP exit\n\nThe cpudata memory from kzalloc() in amd_pstate_epp_cpu_init() is\nnot freed in the analogous exit function, so fix that.\n\n[ rjw: Subject and changelog edits ](CVE-2024-40997)",
"category":"general",
"title":"Description"
},
{
"text":"An update for kernel is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
"category":"general",
"title":"Topic"
},
{
"text":"Critical",
"category":"general",
"title":"Severity"
},
{
"text":"kernel",
"category":"general",
"title":"Affected Component"
}
],
"publisher":{
"issuing_authority":"openEuler security committee",
"name":"openEuler",
"namespace":"https://www.openeuler.org",
"contact_details":"openeuler-security@openeuler.org",
"category":"vendor"
},
"references":[
{
"summary":"openEuler-SA-2024-1863",
"category":"self",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
},
{
"summary":"CVE-2024-36017",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36017&packageName=kernel"
},
{
"summary":"CVE-2024-36478",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36478&packageName=kernel"
},
{
"summary":"CVE-2024-36481",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36481&packageName=kernel"
},
{
"summary":"CVE-2024-36924",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36924&packageName=kernel"
},
{
"summary":"CVE-2024-36929",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36929&packageName=kernel"
},
{
"summary":"CVE-2024-36931",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36931&packageName=kernel"
},
{
"summary":"CVE-2024-36951",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36951&packageName=kernel"
},
{
"summary":"CVE-2024-38384",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38384&packageName=kernel"
},
{
"summary":"CVE-2024-38558",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38558&packageName=kernel"
},
{
"summary":"CVE-2024-38570",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38570&packageName=kernel"
},
{
"summary":"CVE-2024-38581",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38581&packageName=kernel"
},
{
"summary":"CVE-2024-38583",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38583&packageName=kernel"
},
{
"summary":"CVE-2024-38586",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38586&packageName=kernel"
},
{
"summary":"CVE-2024-38614",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38614&packageName=kernel"
},
{
"summary":"CVE-2024-38620",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38620&packageName=kernel"
},
{
"summary":"CVE-2024-38632",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38632&packageName=kernel"
},
{
"summary":"CVE-2024-38661",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38661&packageName=kernel"
},
{
"summary":"CVE-2024-39462",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39462&packageName=kernel"
},
{
"summary":"CVE-2024-39464",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39464&packageName=kernel"
},
{
"summary":"CVE-2024-39478",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39478&packageName=kernel"
},
{
"summary":"CVE-2024-39479",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39479&packageName=kernel"
},
{
"summary":"CVE-2024-39480",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39480&packageName=kernel"
},
{
"summary":"CVE-2024-39487",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39487&packageName=kernel"
},
{
"summary":"CVE-2024-39488",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39488&packageName=kernel"
},
{
"summary":"CVE-2024-39489",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39489&packageName=kernel"
},
{
"summary":"CVE-2024-39500",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39500&packageName=kernel"
},
{
"summary":"CVE-2024-39502",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39502&packageName=kernel"
},
{
"summary":"CVE-2024-40905",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40905&packageName=kernel"
},
{
"summary":"CVE-2024-40931",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40931&packageName=kernel"
},
{
"summary":"CVE-2024-40934",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40934&packageName=kernel"
},
{
"summary":"CVE-2024-40964",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40964&packageName=kernel"
},
{
"summary":"CVE-2024-40971",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40971&packageName=kernel"
},
{
"summary":"CVE-2024-40997",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40997&packageName=kernel"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36017"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36478"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36481"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36924"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36929"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36931"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36951"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38384"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38558"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38570"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38581"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38583"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38586"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38614"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38620"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38632"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38661"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39462"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39464"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39478"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39479"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39480"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39487"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39488"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39489"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39500"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39502"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40905"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40931"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40934"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40964"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40971"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40997"
},
{
"summary":"openEuler-SA-2024-1863 vex file",
"category":"self",
"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1863.json"
}
],
"title":"An update for kernel is now available for openEuler-24.03-LTS",
"tracking":{
"initial_release_date":"2024-07-19T21:24:07+08:00",
"revision_history":[
{
"date":"2024-07-19T21:24:07+08:00",
"summary":"Initial",
"number":"1.0.0"
},
{
"date":"2024-07-22T11:19:45+08:00",
"summary":"final",
"number":"2.0.0"
}
],
"generator":{
"date":"2024-07-22T11:19:45+08:00",
"engine":{
"name":"openEuler CSAF Tool V1.0"
}
},
"current_release_date":"2024-07-22T11:19:45+08:00",
"id":"openEuler-SA-2024-1863",
"version":"2.0.0",
"status":"final"
}
},
"product_tree":{
"branches":[
{
"name":"openEuler",
"category":"vendor",
"branches":[
{
"name":"openEuler",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"openEuler-24.03-LTS",
"name":"openEuler-24.03-LTS"
},
"name":"openEuler-24.03-LTS",
"category":"product_version"
}
],
"category":"product_name"
},
{
"name":"aarch64",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"bpftool-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"name":"bpftool-6.6.0-34.0.0.41.oe2403.aarch64.rpm"
},
"name":"bpftool-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"name":"bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64.rpm"
},
"name":"bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"name":"kernel-6.6.0-34.0.0.41.oe2403.aarch64.rpm"
},
"name":"kernel-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"name":"kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64.rpm"
},
"name":"kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"name":"kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64.rpm"
},
"name":"kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"name":"kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64.rpm"
},
"name":"kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"name":"kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64.rpm"
},
"name":"kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-source-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"name":"kernel-source-6.6.0-34.0.0.41.oe2403.aarch64.rpm"
},
"name":"kernel-source-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"name":"kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64.rpm"
},
"name":"kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"name":"kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64.rpm"
},
"name":"kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"name":"kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64.rpm"
},
"name":"kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"perf-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"name":"perf-6.6.0-34.0.0.41.oe2403.aarch64.rpm"
},
"name":"perf-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"name":"perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64.rpm"
},
"name":"perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"python3-perf-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"name":"python3-perf-6.6.0-34.0.0.41.oe2403.aarch64.rpm"
},
"name":"python3-perf-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"name":"python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64.rpm"
},
"name":"python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"category":"product_version"
}
],
"category":"product_name"
},
{
"name":"x86_64",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"bpftool-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"name":"bpftool-6.6.0-34.0.0.41.oe2403.x86_64.rpm"
},
"name":"bpftool-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"name":"bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64.rpm"
},
"name":"bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"name":"kernel-6.6.0-34.0.0.41.oe2403.x86_64.rpm"
},
"name":"kernel-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"name":"kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64.rpm"
},
"name":"kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"name":"kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64.rpm"
},
"name":"kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"name":"kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64.rpm"
},
"name":"kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"name":"kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64.rpm"
},
"name":"kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-source-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"name":"kernel-source-6.6.0-34.0.0.41.oe2403.x86_64.rpm"
},
"name":"kernel-source-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"name":"kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64.rpm"
},
"name":"kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"name":"kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64.rpm"
},
"name":"kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"name":"kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64.rpm"
},
"name":"kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"perf-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"name":"perf-6.6.0-34.0.0.41.oe2403.x86_64.rpm"
},
"name":"perf-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"name":"perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64.rpm"
},
"name":"perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"python3-perf-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"name":"python3-perf-6.6.0-34.0.0.41.oe2403.x86_64.rpm"
},
"name":"python3-perf-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"name":"python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64.rpm"
},
"name":"python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"category":"product_version"
}
],
"category":"product_name"
},
{
"name":"src",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-6.6.0-34.0.0.41.oe2403.src.rpm",
"name":"kernel-6.6.0-34.0.0.41.oe2403.src.rpm"
},
"name":"kernel-6.6.0-34.0.0.41.oe2403.src.rpm",
"category":"product_version"
}
],
"category":"product_name"
}
]
}
],
"relationships":[
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"bpftool-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"name":"bpftool-6.6.0-34.0.0.41.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"name":"bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"name":"kernel-6.6.0-34.0.0.41.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"name":"kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"name":"kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"name":"kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"name":"kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-source-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"name":"kernel-source-6.6.0-34.0.0.41.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"name":"kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"name":"kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"name":"kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"perf-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"name":"perf-6.6.0-34.0.0.41.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"name":"perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"python3-perf-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"name":"python3-perf-6.6.0-34.0.0.41.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"name":"python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"bpftool-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"name":"bpftool-6.6.0-34.0.0.41.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"name":"bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"name":"kernel-6.6.0-34.0.0.41.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"name":"kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"name":"kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"name":"kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"name":"kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-source-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"name":"kernel-source-6.6.0-34.0.0.41.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"name":"kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"name":"kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"name":"kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"perf-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"name":"perf-6.6.0-34.0.0.41.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"name":"perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"python3-perf-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"name":"python3-perf-6.6.0-34.0.0.41.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"name":"python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-6.6.0-34.0.0.41.oe2403.src.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src",
"name":"kernel-6.6.0-34.0.0.41.oe2403.src as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
}
]
},
"vulnerabilities":[
{
"cve":"CVE-2024-36017",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nrtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation\n\nEach attribute inside a nested IFLA_VF_VLAN_LIST is assumed to be a\nstruct ifla_vf_vlan_info so the size of such attribute needs to be at least\nof sizeof(struct ifla_vf_vlan_info) which is 14 bytes.\nThe current size validation in do_setvfinfo is against NLA_HDRLEN (4 bytes)\nwhich is less than sizeof(struct ifla_vf_vlan_info) so this validation\nis not enough and a too small attribute might be cast to a\nstruct ifla_vf_vlan_info, this might result in an out of bands\nread access when accessing the saved (casted) entry in ivvl.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":6.1,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-36017"
},
{
"cve":"CVE-2024-36478",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnull_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'\n\nWriting 'power' and 'submit_queues' concurrently will trigger kernel\npanic:\n\nTest script:\n\nmodprobe null_blk nr_devices=0\nmkdir -p /sys/kernel/config/nullb/nullb0\nwhile true; do echo 1 > submit_queues; echo 4 > submit_queues; done &\nwhile true; do echo 1 > power; echo 0 > power; done\n\nTest result:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000148\nOops: 0000 [#1] PREEMPT SMP\nRIP: 0010:__lock_acquire+0x41d/0x28f0\nCall Trace:\n <TASK>\n lock_acquire+0x121/0x450\n down_write+0x5f/0x1d0\n simple_recursive_removal+0x12f/0x5c0\n blk_mq_debugfs_unregister_hctxs+0x7c/0x100\n blk_mq_update_nr_hw_queues+0x4a3/0x720\n nullb_update_nr_hw_queues+0x71/0xf0 [null_blk]\n nullb_device_submit_queues_store+0x79/0xf0 [null_blk]\n configfs_write_iter+0x119/0x1e0\n vfs_write+0x326/0x730\n ksys_write+0x74/0x150\n\nThis is because del_gendisk() can concurrent with\nblk_mq_update_nr_hw_queues():\n\nnullb_device_power_store\tnullb_apply_submit_queues\n null_del_dev\n del_gendisk\n\t\t\t\t nullb_update_nr_hw_queues\n\t\t\t\t if (!dev->nullb)\n\t\t\t\t // still set while gendisk is deleted\n\t\t\t\t return 0\n\t\t\t\t blk_mq_update_nr_hw_queues\n dev->nullb = NULL\n\nFix this problem by resuing the global mutex to protect\nnullb_device_power_store() and nullb_update_nr_hw_queues() from configfs.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":4.1,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-36478"
},
{
"cve":"CVE-2024-36481",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:tracing/probes: fix error check in parse_btf_field()btf_find_struct_member() might return NULL or an error via theERR_PTR() macro. However, its caller in parse_btf_field() only checksfor the NULL condition. Fix this by using IS_ERR() and returning theerror up the stack.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-36481"
},
{
"cve":"CVE-2024-36924",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()\n\nlpfc_worker_wake_up() calls the lpfc_work_done() routine, which takes the\nhbalock. Thus, lpfc_worker_wake_up() should not be called while holding the\nhbalock to avoid potential deadlock.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":4.7,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-36924"
},
{
"cve":"CVE-2024-36929",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: core: reject skb_copy(_expand) for fraglist GSO skbs\n\nSKB_GSO_FRAGLIST skbs must not be linearized, otherwise they become\ninvalid. Return NULL if such an skb is passed to skb_copy or\nskb_copy_expand, in order to prevent a crash on a potential later\ncall to skb_gso_segment.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.7,
"vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-36929"
},
{
"cve":"CVE-2024-36931",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ns390/cio: Ensure the copied buf is NUL terminated\n\nCurrently, we allocate a lbuf-sized kernel buffer and copy lbuf from\nuserspace to that buffer. Later, we use scanf on this buffer but we don't\nensure that the string is terminated inside the buffer, this can lead to\nOOB read when using scanf. Fix this issue by using memdup_user_nul instead.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"LOW",
"baseScore":3.9,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Low",
"category":"impact"
}
],
"title":"CVE-2024-36931"
},
{
"cve":"CVE-2024-36951",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: range check cp bad op exception interrupts\n\nDue to a CP interrupt bug, bad packet garbage exception codes are raised.\nDo a range check so that the debugger and runtime do not receive garbage\ncodes.\nUpdate the user api to guard exception code type checking as well.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-36951"
},
{
"cve":"CVE-2024-38384",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: fix list corruption from reorder of WRITE ->lqueued\n\n__blkcg_rstat_flush() can be run anytime, especially when blk_cgroup_bio_start\nis being executed.\n\nIf WRITE of `->lqueued` is re-ordered with READ of 'bisc->lnode.next' in\nthe loop of __blkcg_rstat_flush(), `next_bisc` can be assigned with one\nstat instance being added in blk_cgroup_bio_start(), then the local\nlist in __blkcg_rstat_flush() could be corrupted.\n\nFix the issue by adding one barrier.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"HIGH",
"baseScore":8.4,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"High",
"category":"impact"
}
],
"title":"CVE-2024-38384"
},
{
"cve":"CVE-2024-38558",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix overwriting ct original tuple for ICMPv6\n\nOVS_PACKET_CMD_EXECUTE has 3 main attributes:\n - OVS_PACKET_ATTR_KEY - Packet metadata in a netlink format.\n - OVS_PACKET_ATTR_PACKET - Binary packet content.\n - OVS_PACKET_ATTR_ACTIONS - Actions to execute on the packet.\n\nOVS_PACKET_ATTR_KEY is parsed first to populate sw_flow_key structure\nwith the metadata like conntrack state, input port, recirculation id,\netc. Then the packet itself gets parsed to populate the rest of the\nkeys from the packet headers.\n\nWhenever the packet parsing code starts parsing the ICMPv6 header, it\nfirst zeroes out fields in the key corresponding to Neighbor Discovery\ninformation even if it is not an ND packet.\n\nIt is an 'ipv6.nd' field. However, the 'ipv6' is a union that shares\nthe space between 'nd' and 'ct_orig' that holds the original tuple\nconntrack metadata parsed from the OVS_PACKET_ATTR_KEY.\n\nND packets should not normally have conntrack state, so it's fine to\nshare the space, but normal ICMPv6 Echo packets or maybe other types of\nICMPv6 can have the state attached and it should not be overwritten.\n\nThe issue results in all but the last 4 bytes of the destination\naddress being wiped from the original conntrack tuple leading to\nincorrect packet matching and potentially executing wrong actions\nin case this packet recirculates within the datapath or goes back\nto userspace.\n\nND fields should not be accessed in non-ND packets, so not clearing\nthem should be fine. Executing memset() only for actual ND packets to\navoid the issue.\n\nInitializing the whole thing before parsing is needed because ND packet\nmay not contain all the options.\n\nThe issue only affects the OVS_PACKET_CMD_EXECUTE path and doesn't\naffect packets entering OVS datapath from network interfaces, because\nin this case CT metadata is populated from skb after the packet is\nalready parsed.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38558"
},
{
"cve":"CVE-2024-38570",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix potential glock use-after-free on unmount\n\nWhen a DLM lockspace is released and there ares still locks in that\nlockspace, DLM will unlock those locks automatically. Commit\nfb6791d100d1b started exploiting this behavior to speed up filesystem\nunmount: gfs2 would simply free glocks it didn't want to unlock and then\nrelease the lockspace. This didn't take the bast callbacks for\nasynchronous lock contention notifications into account, which remain\nactive until until a lock is unlocked or its lockspace is released.\n\nTo prevent those callbacks from accessing deallocated objects, put the\nglocks that should not be unlocked on the sd_dead_glocks list, release\nthe lockspace, and only then free those glocks.\n\nAs an additional measure, ignore unexpected ast and bast callbacks if\nthe receiving glock is dead.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":6.7,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38570"
},
{
"cve":"CVE-2024-38581",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/mes: fix use-after-free issue\n\nDelete fence fallback timer to fix the ramdom\nuse-after-free issue.\n\nv2: move to amdgpu_mes.c",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":6.6,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38581"
},
{
"cve":"CVE-2024-38583",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix use-after-free of timer for log writer thread\n\nPatch series \"nilfs2: fix log writer related issues\".\n\nThis bug fix series covers three nilfs2 log writer-related issues,\nincluding a timer use-after-free issue and potential deadlock issue on\nunmount, and a potential freeze issue in event synchronization found\nduring their analysis. Details are described in each commit log.\n\n\nThis patch (of 3):\n\nA use-after-free issue has been reported regarding the timer sc_timer on\nthe nilfs_sc_info structure.\n\nThe problem is that even though it is used to wake up a sleeping log\nwriter thread, sc_timer is not shut down until the nilfs_sc_info structure\nis about to be freed, and is used regardless of the thread's lifetime.\n\nFix this issue by limiting the use of sc_timer only while the log writer\nthread is alive.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"HIGH",
"baseScore":7.0,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"High",
"category":"impact"
}
],
"title":"CVE-2024-38583"
},
{
"cve":"CVE-2024-38586",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nr8169: Fix possible ring buffer corruption on fragmented Tx packets.\n\nAn issue was found on the RTL8125b when transmitting small fragmented\npackets, whereby invalid entries were inserted into the transmit ring\nbuffer, subsequently leading to calls to dma_unmap_single() with a null\naddress.\n\nThis was caused by rtl8169_start_xmit() not noticing changes to nr_frags\nwhich may occur when small packets are padded (to work around hardware\nquirks) in rtl8169_tso_csum_v2().\n\nTo fix this, postpone inspecting nr_frags until after any padding has been\napplied.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":4.7,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38586"
},
{
"cve":"CVE-2024-38614",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nopenrisc: traps: Don't send signals to kernel mode threads\n\nOpenRISC exception handling sends signals to user processes on floating\npoint exceptions and trap instructions (for debugging) among others.\nThere is a bug where the trap handling logic may send signals to kernel\nthreads, we should not send these signals to kernel threads, if that\nhappens we treat it as an error.\n\nThis patch adds conditions to die if the kernel receives these\nexceptions in kernel mode code.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38614"
},
{
"cve":"CVE-2024-38620",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: HCI: Remove HCI_AMP support\n\nSince BT_HS has been remove HCI_AMP controllers no longer has any use so\nremove it along with the capability of creating AMP controllers.\n\nSince we no longer need to differentiate between AMP and Primary\ncontrollers, as only HCI_PRIMARY is left, this also remove\nhdev->dev_type altogether.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":4.4,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38620"
},
{
"cve":"CVE-2024-38632",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: fix potential memory leak in vfio_intx_enable()\n\nIf vfio_irq_ctx_alloc() failed will lead to 'name' memory leak.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38632"
},
{
"cve":"CVE-2024-38661",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ap: Fix crash in AP internal function modify_bitmap()\n\nA system crash like this\n\n Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403\n Fault in home space mode while using kernel ASCE.\n AS:00000002d71bc007 R3:00000003fe5b8007 S:000000011a446000 P:000000015660c13d\n Oops: 0038 ilc:3 [#1] PREEMPT SMP\n Modules linked in: mlx5_ib ...\n CPU: 8 PID: 7556 Comm: bash Not tainted 6.9.0-rc7 #8\n Hardware name: IBM 3931 A01 704 (LPAR)\n Krnl PSW : 0704e00180000000 0000014b75e7b606 (ap_parse_bitmap_str+0x10e/0x1f8)\n R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3\n Krnl GPRS: 0000000000000001 ffffffffffffffc0 0000000000000001 00000048f96b75d3\n 000000cb00000100 ffffffffffffffff ffffffffffffffff 000000cb7df6fce0\n 000000cb7df6fce0 00000000ffffffff 000000000000002b 00000048ffffffff\n 000003ff9b2dbc80 200000cb7df6fcd8 0000014bffffffc0 000000cb7df6fbc8\n Krnl Code: 0000014b75e7b5fc: a7840047 brc 8,0000014b75e7b68a\n 0000014b75e7b600: 18b2 lr %r11,%r2\n #0000014b75e7b602: a7f4000a brc 15,0000014b75e7b616\n >0000014b75e7b606: eb22d00000e6 laog %r2,%r2,0(%r13)\n 0000014b75e7b60c: a7680001 lhi %r6,1\n 0000014b75e7b610: 187b lr %r7,%r11\n 0000014b75e7b612: 84960021 brxh %r9,%r6,0000014b75e7b654\n 0000014b75e7b616: 18e9 lr %r14,%r9\n Call Trace:\n [<0000014b75e7b606>] ap_parse_bitmap_str+0x10e/0x1f8\n ([<0000014b75e7b5dc>] ap_parse_bitmap_str+0xe4/0x1f8)\n [<0000014b75e7b758>] apmask_store+0x68/0x140\n [<0000014b75679196>] kernfs_fop_write_iter+0x14e/0x1e8\n [<0000014b75598524>] vfs_write+0x1b4/0x448\n [<0000014b7559894c>] ksys_write+0x74/0x100\n [<0000014b7618a440>] __do_syscall+0x268/0x328\n [<0000014b761a3558>] system_call+0x70/0x98\n INFO: lockdep is turned off.\n Last Breaking-Event-Address:\n [<0000014b75e7b636>] ap_parse_bitmap_str+0x13e/0x1f8\n Kernel panic - not syncing: Fatal exception: panic_on_oops\n\noccured when /sys/bus/ap/a[pq]mask was updated with a relative mask value\n(like +0x10-0x12,+60,-90) with one of the numeric values exceeding INT_MAX.\n\nThe fix is simple: use unsigned long values for the internal variables. The\ncorrect checks are already in place in the function but a simple int for\nthe internal variables was used with the possibility to overflow.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38661"
},
{
"cve":"CVE-2024-39462",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:clk: bcm: dvp: Assign ->num before accessing ->hwsCommit f316cdff8d67 ( clk: Annotate struct clk_hw_onecell_data with__counted_by ) annotated the hws member of struct clk_hw_onecell_data with __counted_by, which informs the bounds sanitizer about the numberof elements in hws, so that it can warn when hws is accessed out ofbounds. As noted in that change, the __counted_by member must beinitialized with the number of elements before the first array accesshappens, otherwise there will be a warning from each access prior to theinitialization because the number of elements is zero. This occurs inclk_dvp_probe() due to ->num being assigned after ->hws has beenaccessed: UBSAN: array-index-out-of-bounds in drivers/clk/bcm/clk-bcm2711-dvp.c:59:2 index 0 is out of range for type struct clk_hw *[] __counted_by(num) (aka struct clk_hw *[] )Move the ->num initialization to before the first access of ->hws, whichclears up the warning.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"CRITICAL",
"baseScore":9.8,
"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Critical",
"category":"impact"
}
],
"title":"CVE-2024-39462"
},
{
"cve":"CVE-2024-39464",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l: async: Fix notifier list entry init\n\nstruct v4l2_async_notifier has several list_head members, but only\nwaiting_list and done_list are initialized. notifier_entry was kept\n'zeroed' leading to an uninitialized list_head.\nThis results in a NULL-pointer dereference if csi2_async_register() fails,\ne.g. node for remote endpoint is disabled, and returns -ENOTCONN.\nThe following calls to v4l2_async_nf_unregister() results in a NULL\npointer dereference.\nAdd the missing list head initializer.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":4.4,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-39464"
},
{
"cve":"CVE-2024-39478",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: starfive - Do not free stack buffer\n\nRSA text data uses variable length buffer allocated in software stack.\nCalling kfree on it causes undefined behaviour in subsequent operations.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-39478"
},
{
"cve":"CVE-2024-39479",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/hwmon: Get rid of devm\n\nWhen both hwmon and hwmon drvdata (on which hwmon depends) are device\nmanaged resources, the expectation, on device unbind, is that hwmon will be\nreleased before drvdata. However, in i915 there are two separate code\npaths, which both release either drvdata or hwmon and either can be\nreleased before the other. These code paths (for device unbind) are as\nfollows (see also the bug referenced below):\n\nCall Trace:\nrelease_nodes+0x11/0x70\ndevres_release_group+0xb2/0x110\ncomponent_unbind_all+0x8d/0xa0\ncomponent_del+0xa5/0x140\nintel_pxp_tee_component_fini+0x29/0x40 [i915]\nintel_pxp_fini+0x33/0x80 [i915]\ni915_driver_remove+0x4c/0x120 [i915]\ni915_pci_remove+0x19/0x30 [i915]\npci_device_remove+0x32/0xa0\ndevice_release_driver_internal+0x19c/0x200\nunbind_store+0x9c/0xb0\n\nand\n\nCall Trace:\nrelease_nodes+0x11/0x70\ndevres_release_all+0x8a/0xc0\ndevice_unbind_cleanup+0x9/0x70\ndevice_release_driver_internal+0x1c1/0x200\nunbind_store+0x9c/0xb0\n\nThis means that in i915, if use devm, we cannot gurantee that hwmon will\nalways be released before drvdata. Which means that we have a uaf if hwmon\nsysfs is accessed when drvdata has been released but hwmon hasn't.\n\nThe only way out of this seems to be do get rid of devm_ and release/free\neverything explicitly during device unbind.\n\nv2: Change commit message and other minor code changes\nv3: Cleanup from i915_hwmon_register on error (Armin Wolf)\nv4: Eliminate potential static analyzer warning (Rodrigo)\n Eliminate fetch_and_zero (Jani)\nv5: Restore previous logic for ddat_gt->hwmon_dev error return (Andi)",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"HIGH",
"baseScore":7.8,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"High",
"category":"impact"
}
],
"title":"CVE-2024-39479"
},
{
"cve":"CVE-2024-39480",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:kdb: Fix buffer overflow during tab-completeCurrently, when the user attempts symbol completion with the Tab key, kdbwill use strncpy() to insert the completed symbol into the command buffer.Unfortunately it passes the size of the source buffer rather than thedestination to strncpy() with predictably horrible results. Most obviouslyif the command buffer is already full but cp, the cursor position, is inthe middle of the buffer, then we will write past the end of the suppliedbuffer.Fix this by replacing the dubious strncpy() calls with memmove()/memcpy()calls plus explicit boundary checks to make sure we have enough spacebefore we start moving characters around.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-39480"
},
{
"cve":"CVE-2024-39487",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()\n\nIn function bond_option_arp_ip_targets_set(), if newval->string is an\nempty string, newval->string+1 will point to the byte after the\nstring, causing an out-of-bound read.\n\nBUG: KASAN: slab-out-of-bounds in strlen+0x7d/0xa0 lib/string.c:418\nRead of size 1 at addr ffff8881119c4781 by task syz-executor665/8107\nCPU: 1 PID: 8107 Comm: syz-executor665 Not tainted 6.7.0-rc7 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:364 [inline]\n print_report+0xc1/0x5e0 mm/kasan/report.c:475\n kasan_report+0xbe/0xf0 mm/kasan/report.c:588\n strlen+0x7d/0xa0 lib/string.c:418\n __fortify_strlen include/linux/fortify-string.h:210 [inline]\n in4_pton+0xa3/0x3f0 net/core/utils.c:130\n bond_option_arp_ip_targets_set+0xc2/0x910\ndrivers/net/bonding/bond_options.c:1201\n __bond_opt_set+0x2a4/0x1030 drivers/net/bonding/bond_options.c:767\n __bond_opt_set_notify+0x48/0x150 drivers/net/bonding/bond_options.c:792\n bond_opt_tryset_rtnl+0xda/0x160 drivers/net/bonding/bond_options.c:817\n bonding_sysfs_store_option+0xa1/0x120 drivers/net/bonding/bond_sysfs.c:156\n dev_attr_store+0x54/0x80 drivers/base/core.c:2366\n sysfs_kf_write+0x114/0x170 fs/sysfs/file.c:136\n kernfs_fop_write_iter+0x337/0x500 fs/kernfs/file.c:334\n call_write_iter include/linux/fs.h:2020 [inline]\n new_sync_write fs/read_write.c:491 [inline]\n vfs_write+0x96a/0xd80 fs/read_write.c:584\n ksys_write+0x122/0x250 fs/read_write.c:637\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n---[ end trace ]---\n\nFix it by adding a check of string length before using it.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-39487"
},
{
"cve":"CVE-2024-39488",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\narm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY\n\nWhen CONFIG_DEBUG_BUGVERBOSE=n, we fail to add necessary padding bytes\nto bug_table entries, and as a result the last entry in a bug table will\nbe ignored, potentially leading to an unexpected panic(). All prior\nentries in the table will be handled correctly.\n\nThe arm64 ABI requires that struct fields of up to 8 bytes are\nnaturally-aligned, with padding added within a struct such that struct\nare suitably aligned within arrays.\n\nWhen CONFIG_DEBUG_BUGVERPOSE=y, the layout of a bug_entry is:\n\n\tstruct bug_entry {\n\t\tsigned int bug_addr_disp;\t// 4 bytes\n\t\tsigned int file_disp;\t// 4 bytes\n\t\tunsigned short line;\t\t// 2 bytes\n\t\tunsigned short flags;\t\t// 2 bytes\n\t}\n\n... with 12 bytes total, requiring 4-byte alignment.\n\nWhen CONFIG_DEBUG_BUGVERBOSE=n, the layout of a bug_entry is:\n\n\tstruct bug_entry {\n\t\tsigned int bug_addr_disp;\t// 4 bytes\n\t\tunsigned short flags;\t\t// 2 bytes\n\t\t< implicit padding >\t\t// 2 bytes\n\t}\n\n... with 8 bytes total, with 6 bytes of data and 2 bytes of trailing\npadding, requiring 4-byte alginment.\n\nWhen we create a bug_entry in assembly, we align the start of the entry\nto 4 bytes, which implicitly handles padding for any prior entries.\nHowever, we do not align the end of the entry, and so when\nCONFIG_DEBUG_BUGVERBOSE=n, the final entry lacks the trailing padding\nbytes.\n\nFor the main kernel image this is not a problem as find_bug() doesn't\ndepend on the trailing padding bytes when searching for entries:\n\n\tfor (bug = __start___bug_table; bug < __stop___bug_table; ++bug)\n\t\tif (bugaddr == bug_addr(bug))\n\t\t\treturn bug;\n\nHowever for modules, module_bug_finalize() depends on the trailing\nbytes when calculating the number of entries:\n\n\tmod->num_bugs = sechdrs[i].sh_size / sizeof(struct bug_entry);\n\n... and as the last bug_entry lacks the necessary padding bytes, this entry\nwill not be counted, e.g. in the case of a single entry:\n\n\tsechdrs[i].sh_size == 6\n\tsizeof(struct bug_entry) == 8;\n\n\tsechdrs[i].sh_size / sizeof(struct bug_entry) == 0;\n\nConsequently module_find_bug() will miss the last bug_entry when it does:\n\n\tfor (i = 0; i < mod->num_bugs; ++i, ++bug)\n\t\tif (bugaddr == bug_addr(bug))\n\t\t\tgoto out;\n\n... which can lead to a kenrel panic due to an unhandled bug.\n\nThis can be demonstrated with the following module:\n\n\tstatic int __init buginit(void)\n\t{\n\t\tWARN(1, \"hello\\n\");\n\t\treturn 0;\n\t}\n\n\tstatic void __exit bugexit(void)\n\t{\n\t}\n\n\tmodule_init(buginit);\n\tmodule_exit(bugexit);\n\tMODULE_LICENSE(\"GPL\");\n\n... which will trigger a kernel panic when loaded:\n\n\t------------[ cut here ]------------\n\thello\n\tUnexpected kernel BRK exception at EL1\n\tInternal error: BRK handler: 00000000f2000800 [#1] PREEMPT SMP\n\tModules linked in: hello(O+)\n\tCPU: 0 PID: 50 Comm: insmod Tainted: G O 6.9.1 #8\n\tHardware name: linux,dummy-virt (DT)\n\tpstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n\tpc : buginit+0x18/0x1000 [hello]\n\tlr : buginit+0x18/0x1000 [hello]\n\tsp : ffff800080533ae0\n\tx29: ffff800080533ae0 x28: 0000000000000000 x27: 0000000000000000\n\tx26: ffffaba8c4e70510 x25: ffff800080533c30 x24: ffffaba8c4a28a58\n\tx23: 0000000000000000 x22: 0000000000000000 x21: ffff3947c0eab3c0\n\tx20: ffffaba8c4e3f000 x19: ffffaba846464000 x18: 0000000000000006\n\tx17: 0000000000000000 x16: ffffaba8c2492834 x15: 0720072007200720\n\tx14: 0720072007200720 x13: ffffaba8c49b27c8 x12: 0000000000000312\n\tx11: 0000000000000106 x10: ffffaba8c4a0a7c8 x9 : ffffaba8c49b27c8\n\tx8 : 00000000ffffefff x7 : ffffaba8c4a0a7c8 x6 : 80000000fffff000\n\tx5 : 0000000000000107 x4 : 0000000000000000 x3 : 0000000000000000\n\tx2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff3947c0eab3c0\n\tCall trace:\n\t buginit+0x18/0x1000 [hello]\n\t do_one_initcall+0x80/0x1c8\n\t do_init_module+0x60/0x218\n\t load_module+0x1ba4/0x1d70\n\t __do_sys_init_module+0x198/0x1d0\n\t __arm64_sys_init_module+0x1c/0x28\n\t invoke_syscall+0x48/0x114\n\t el0_svc\n---truncated---",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-39488"
},
{
"cve":"CVE-2024-39489",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: fix memleak in seg6_hmac_init_algo\n\nseg6_hmac_init_algo returns without cleaning up the previous allocations\nif one fails, so it's going to leak all that memory and the crypto tfms.\n\nUpdate seg6_hmac_exit to only free the memory when allocated, so we can\nreuse the code directly.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"LOW",
"baseScore":3.3,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Low",
"category":"impact"
}
],
"title":"CVE-2024-39489"
},
{
"cve":"CVE-2024-39500",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nsock_map: avoid race between sock_map_close and sk_psock_put\n\nsk_psock_get will return NULL if the refcount of psock has gone to 0, which\nwill happen when the last call of sk_psock_put is done. However,\nsk_psock_drop may not have finished yet, so the close callback will still\npoint to sock_map_close despite psock being NULL.\n\nThis can be reproduced with a thread deleting an element from the sock map,\nwhile the second one creates a socket, adds it to the map and closes it.\n\nThat will trigger the WARN_ON_ONCE:\n\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 7220 at net/core/sock_map.c:1701 sock_map_close+0x2a2/0x2d0 net/core/sock_map.c:1701\nModules linked in:\nCPU: 1 PID: 7220 Comm: syz-executor380 Not tainted 6.9.0-syzkaller-07726-g3c999d1ae3c7 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nRIP: 0010:sock_map_close+0x2a2/0x2d0 net/core/sock_map.c:1701\nCode: df e8 92 29 88 f8 48 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 79 29 88 f8 4c 8b 23 eb 89 e8 4f 15 23 f8 90 <0f> 0b 90 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d e9 13 26 3d 02\nRSP: 0018:ffffc9000441fda8 EFLAGS: 00010293\nRAX: ffffffff89731ae1 RBX: ffffffff94b87540 RCX: ffff888029470000\nRDX: 0000000000000000 RSI: ffffffff8bcab5c0 RDI: ffffffff8c1faba0\nRBP: 0000000000000000 R08: ffffffff92f9b61f R09: 1ffffffff25f36c3\nR10: dffffc0000000000 R11: fffffbfff25f36c4 R12: ffffffff89731840\nR13: ffff88804b587000 R14: ffff88804b587000 R15: ffffffff89731870\nFS: 000055555e080380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000000 CR3: 00000000207d4000 CR4: 0000000000350ef0\nCall Trace:\n <TASK>\n unix_release+0x87/0xc0 net/unix/af_unix.c:1048\n __sock_release net/socket.c:659 [inline]\n sock_close+0xbe/0x240 net/socket.c:1421\n __fput+0x42b/0x8a0 fs/file_table.c:422\n __do_sys_close fs/open.c:1556 [inline]\n __se_sys_close fs/open.c:1541 [inline]\n __x64_sys_close+0x7f/0x110 fs/open.c:1541\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fb37d618070\nCode: 00 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d4 e8 10 2c 00 00 80 3d 31 f0 07 00 00 74 17 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c\nRSP: 002b:00007ffcd4a525d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000003\nRAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fb37d618070\nRDX: 0000000000000010 RSI: 00000000200001c0 RDI: 0000000000000004\nRBP: 0000000000000000 R08: 0000000100000000 R09: 0000000100000000\nR10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n </TASK>\n\nUse sk_psock, which will only check that the pointer is not been set to\nNULL yet, which should only happen after the callbacks are restored. If,\nthen, a reference can still be gotten, we may call sk_psock_stop and cancel\npsock->work.\n\nAs suggested by Paolo Abeni, reorder the condition so the control flow is\nless convoluted.\n\nAfter that change, the reproducer does not trigger the WARN_ON_ONCE\nanymore.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-39500"
},
{
"cve":"CVE-2024-39502",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nionic: fix use after netif_napi_del()\n\nWhen queues are started, netif_napi_add() and napi_enable() are called.\nIf there are 4 queues and only 3 queues are used for the current\nconfiguration, only 3 queues' napi should be registered and enabled.\nThe ionic_qcq_enable() checks whether the .poll pointer is not NULL for\nenabling only the using queue' napi. Unused queues' napi will not be\nregistered by netif_napi_add(), so the .poll pointer indicates NULL.\nBut it couldn't distinguish whether the napi was unregistered or not\nbecause netif_napi_del() doesn't reset the .poll pointer to NULL.\nSo, ionic_qcq_enable() calls napi_enable() for the queue, which was\nunregistered by netif_napi_del().\n\nReproducer:\n ethtool -L <interface name> rx 1 tx 1 combined 0\n ethtool -L <interface name> rx 0 tx 0 combined 1\n ethtool -L <interface name> rx 0 tx 0 combined 4\n\nSplat looks like:\nkernel BUG at net/core/dev.c:6666!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 3 PID: 1057 Comm: kworker/3:3 Not tainted 6.10.0-rc2+ #16\nWorkqueue: events ionic_lif_deferred_work [ionic]\nRIP: 0010:napi_enable+0x3b/0x40\nCode: 48 89 c2 48 83 e2 f6 80 b9 61 09 00 00 00 74 0d 48 83 bf 60 01 00 00 00 74 03 80 ce 01 f0 4f\nRSP: 0018:ffffb6ed83227d48 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff97560cda0828 RCX: 0000000000000029\nRDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff97560cda0a28\nRBP: ffffb6ed83227d50 R08: 0000000000000400 R09: 0000000000000001\nR10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000\nR13: ffff97560ce3c1a0 R14: 0000000000000000 R15: ffff975613ba0a20\nFS: 0000000000000000(0000) GS:ffff975d5f780000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8f734ee200 CR3: 0000000103e50000 CR4: 00000000007506f0\nPKRU: 55555554\nCall Trace:\n <TASK>\n ? die+0x33/0x90\n ? do_trap+0xd9/0x100\n ? napi_enable+0x3b/0x40\n ? do_error_trap+0x83/0xb0\n ? napi_enable+0x3b/0x40\n ? napi_enable+0x3b/0x40\n ? exc_invalid_op+0x4e/0x70\n ? napi_enable+0x3b/0x40\n ? asm_exc_invalid_op+0x16/0x20\n ? napi_enable+0x3b/0x40\n ionic_qcq_enable+0xb7/0x180 [ionic 59bdfc8a035436e1c4224ff7d10789e3f14643f8]\n ionic_start_queues+0xc4/0x290 [ionic 59bdfc8a035436e1c4224ff7d10789e3f14643f8]\n ionic_link_status_check+0x11c/0x170 [ionic 59bdfc8a035436e1c4224ff7d10789e3f14643f8]\n ionic_lif_deferred_work+0x129/0x280 [ionic 59bdfc8a035436e1c4224ff7d10789e3f14643f8]\n process_one_work+0x145/0x360\n worker_thread+0x2bb/0x3d0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xcc/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2d/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-39502"
},
{
"cve":"CVE-2024-40905",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible race in __fib6_drop_pcpu_from()\n\nsyzbot found a race in __fib6_drop_pcpu_from() [1]\n\nIf compiler reads more than once (*ppcpu_rt),\nsecond read could read NULL, if another cpu clears\nthe value in rt6_get_pcpu_route().\n\nAdd a READ_ONCE() to prevent this race.\n\nAlso add rcu_read_lock()/rcu_read_unlock() because\nwe rely on RCU protection while dereferencing pcpu_rt.\n\n[1]\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097]\nCPU: 0 PID: 7543 Comm: kworker/u8:17 Not tainted 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nWorkqueue: netns cleanup_net\n RIP: 0010:__fib6_drop_pcpu_from.part.0+0x10a/0x370 net/ipv6/ip6_fib.c:984\nCode: f8 48 c1 e8 03 80 3c 28 00 0f 85 16 02 00 00 4d 8b 3f 4d 85 ff 74 31 e8 74 a7 fa f7 49 8d bf 90 00 00 00 48 89 f8 48 c1 e8 03 <80> 3c 28 00 0f 85 1e 02 00 00 49 8b 87 90 00 00 00 48 8b 0c 24 48\nRSP: 0018:ffffc900040df070 EFLAGS: 00010206\nRAX: 0000000000000012 RBX: 0000000000000001 RCX: ffffffff89932e16\nRDX: ffff888049dd1e00 RSI: ffffffff89932d7c RDI: 0000000000000091\nRBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000007\nR10: 0000000000000001 R11: 0000000000000006 R12: ffff88807fa080b8\nR13: fffffbfff1a9a07d R14: ffffed100ff41022 R15: 0000000000000001\nFS: 0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b32c26000 CR3: 000000005d56e000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n __fib6_drop_pcpu_from net/ipv6/ip6_fib.c:966 [inline]\n fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1027 [inline]\n fib6_purge_rt+0x7f2/0x9f0 net/ipv6/ip6_fib.c:1038\n fib6_del_route net/ipv6/ip6_fib.c:1998 [inline]\n fib6_del+0xa70/0x17b0 net/ipv6/ip6_fib.c:2043\n fib6_clean_node+0x426/0x5b0 net/ipv6/ip6_fib.c:2205\n fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2127\n fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2175\n fib6_clean_tree+0xd7/0x120 net/ipv6/ip6_fib.c:2255\n __fib6_clean_all+0x100/0x2d0 net/ipv6/ip6_fib.c:2271\n rt6_sync_down_dev net/ipv6/route.c:4906 [inline]\n rt6_disable_ip+0x7ed/0xa00 net/ipv6/route.c:4911\n addrconf_ifdown.isra.0+0x117/0x1b40 net/ipv6/addrconf.c:3855\n addrconf_notify+0x223/0x19e0 net/ipv6/addrconf.c:3778\n notifier_call_chain+0xb9/0x410 kernel/notifier.c:93\n call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1992\n call_netdevice_notifiers_extack net/core/dev.c:2030 [inline]\n call_netdevice_notifiers net/core/dev.c:2044 [inline]\n dev_close_many+0x333/0x6a0 net/core/dev.c:1585\n unregister_netdevice_many_notify+0x46d/0x19f0 net/core/dev.c:11193\n unregister_netdevice_many net/core/dev.c:11276 [inline]\n default_device_exit_batch+0x85b/0xae0 net/core/dev.c:11759\n ops_exit_list+0x128/0x180 net/core/net_namespace.c:178\n cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-40905"
},
{
"cve":"CVE-2024-40931",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: ensure snd_una is properly initialized on connect\n\nThis is strictly related to commit fb7a0d334894 (\"mptcp: ensure snd_nxt\nis properly initialized on connect\"). It turns out that syzkaller can\ntrigger the retransmit after fallback and before processing any other\nincoming packet - so that snd_una is still left uninitialized.\n\nAddress the issue explicitly initializing snd_una together with snd_nxt\nand write_seq.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-40931"
},
{
"cve":"CVE-2024-40934",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nHID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode()\n\nFix a memory leak on logi_dj_recv_send_report() error path.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-40934"
},
{
"cve":"CVE-2024-40964",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: cs35l41: Possible null pointer dereference in cs35l41_hda_unbind()\n\nThe cs35l41_hda_unbind() function clears the hda_component entry\nmatching it's index and then dereferences the codec pointer held in the\nfirst element of the hda_component array, this is an issue when the\ndevice index was 0.\n\nInstead use the codec pointer stashed in the cs35l41_hda structure as it\nwill still be valid.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.7,
"vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-40964"
},
{
"cve":"CVE-2024-40971",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: remove clear SB_INLINECRYPT flag in default_options\n\nIn f2fs_remount, SB_INLINECRYPT flag will be clear and re-set.\nIf create new file or open file during this gap, these files\nwill not use inlinecrypt. Worse case, it may lead to data\ncorruption if wrappedkey_v0 is enable.\n\nThread A: Thread B:\n\n-f2fs_remount\t\t\t\t-f2fs_file_open or f2fs_new_inode\n -default_options\n\t<- clear SB_INLINECRYPT flag\n\n -fscrypt_select_encryption_impl\n\n -parse_options\n\t<- set SB_INLINECRYPT again",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-40971"
},
{
"cve":"CVE-2024-40997",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate: fix memory leak on CPU EPP exit\n\nThe cpudata memory from kzalloc() in amd_pstate_epp_cpu_init() is\nnot freed in the analogous exit function, so fix that.\n\n[ rjw: Subject and changelog edits ]",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1863"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-34.0.0.41.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-34.0.0.41.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-40997"
}
]
}
Reference in New Issue View Git Blame Copy Permalink