jiachao2130/csaf2cusa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5cde716b34
csaf2cusa/csaf/advisories/2024/csaf-openEuler-SA-2024-1943.json
Jia Chao 5cde716b34 更新:20240807 
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-08-07 09:56:41 +08:00

2938 lines
185 KiB
JSON
Raw Blame History

{
"document":{
"aggregate_severity":{
"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
"text":"High"
},
"category":"csaf_vex",
"csaf_version":"2.0",
"distribution":{
"tlp":{
"label":"WHITE",
"url":"https:/www.first.org/tlp/"
}
},
"lang":"en",
"notes":[
{
"text":"kernel security update",
"category":"general",
"title":"Synopsis"
},
{
"text":"An update for kernel is now available for openEuler-24.03-LTS.",
"category":"general",
"title":"Summary"
},
{
"text":"The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Skip do PCI error slot reset during RAS recovery\n\nWhy:\n The PCI error slot reset maybe triggered after inject ue to UMC multi times, this\n caused system hang.\n [ 557.371857] amdgpu 0000:af:00.0: amdgpu: GPU reset succeeded, trying to resume\n [ 557.373718] [drm] PCIE GART of 512M enabled.\n [ 557.373722] [drm] PTB located at 0x0000031FED700000\n [ 557.373788] [drm] VRAM is lost due to GPU reset!\n [ 557.373789] [drm] PSP is resuming...\n [ 557.547012] mlx5_core 0000:55:00.0: mlx5_pci_err_detected Device state = 1 pci_status: 0. Exit, result = 3, need reset\n [ 557.547067] [drm] PCI error: detected callback, state(1)!!\n [ 557.547069] [drm] No support for XGMI hive yet...\n [ 557.548125] mlx5_core 0000:55:00.0: mlx5_pci_slot_reset Device state = 1 pci_status: 0. Enter\n [ 557.607763] mlx5_core 0000:55:00.0: wait vital counter value 0x16b5b after 1 iterations\n [ 557.607777] mlx5_core 0000:55:00.0: mlx5_pci_slot_reset Device state = 1 pci_status: 1. Exit, err = 0, result = 5, recovered\n [ 557.610492] [drm] PCI error: slot reset callback!!\n ...\n [ 560.689382] amdgpu 0000:3f:00.0: amdgpu: GPU reset(2) succeeded!\n [ 560.689546] amdgpu 0000:5a:00.0: amdgpu: GPU reset(2) succeeded!\n [ 560.689562] general protection fault, probably for non-canonical address 0x5f080b54534f611f: 0000 [#1] SMP NOPTI\n [ 560.701008] CPU: 16 PID: 2361 Comm: kworker/u448:9 Tainted: G OE 5.15.0-91-generic #101-Ubuntu\n [ 560.712057] Hardware name: Microsoft C278A/C278A, BIOS C2789.5.BS.1C11.AG.1 11/08/2023\n [ 560.720959] Workqueue: amdgpu-reset-hive amdgpu_ras_do_recovery [amdgpu]\n [ 560.728887] RIP: 0010:amdgpu_device_gpu_recover.cold+0xbf1/0xcf5 [amdgpu]\n [ 560.736891] Code: ff 41 89 c6 e9 1b ff ff ff 44 0f b6 45 b0 e9 4f ff ff ff be 01 00 00 00 4c 89 e7 e8 76 c9 8b ff 44 0f b6 45 b0 e9 3c fd ff ff <48> 83 ba 18 02 00 00 00 0f 84 6a f8 ff ff 48 8d 7a 78 be 01 00 00\n [ 560.757967] RSP: 0018:ffa0000032e53d80 EFLAGS: 00010202\n [ 560.763848] RAX: ffa00000001dfd10 RBX: ffa0000000197090 RCX: ffa0000032e53db0\n [ 560.771856] RDX: 5f080b54534f5f07 RSI: 0000000000000000 RDI: ff11000128100010\n [ 560.779867] RBP: ffa0000032e53df0 R08: 0000000000000000 R09: ffffffffffe77f08\n [ 560.787879] R10: 0000000000ffff0a R11: 0000000000000001 R12: 0000000000000000\n [ 560.795889] R13: ffa0000032e53e00 R14: 0000000000000000 R15: 0000000000000000\n [ 560.803889] FS: 0000000000000000(0000) GS:ff11007e7e800000(0000) knlGS:0000000000000000\n [ 560.812973] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 560.819422] CR2: 000055a04c118e68 CR3: 0000000007410005 CR4: 0000000000771ee0\n [ 560.827433] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n [ 560.835433] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n [ 560.843444] PKRU: 55555554\n [ 560.846480] Call Trace:\n [ 560.849225] <TASK>\n [ 560.851580] ? show_trace_log_lvl+0x1d6/0x2ea\n [ 560.856488] ? show_trace_log_lvl+0x1d6/0x2ea\n [ 560.861379] ? amdgpu_ras_do_recovery+0x1b2/0x210 [amdgpu]\n [ 560.867778] ? show_regs.part.0+0x23/0x29\n [ 560.872293] ? __die_body.cold+0x8/0xd\n [ 560.876502] ? die_addr+0x3e/0x60\n [ 560.880238] ? exc_general_protection+0x1c5/0x410\n [ 560.885532] ? asm_exc_general_protection+0x27/0x30\n [ 560.891025] ? amdgpu_device_gpu_recover.cold+0xbf1/0xcf5 [amdgpu]\n [ 560.898323] amdgpu_ras_do_recovery+0x1b2/0x210 [amdgpu]\n [ 560.904520] process_one_work+0x228/0x3d0\nHow:\n In RAS recovery, mode-1 reset is issued from RAS fatal error handling and expected\n all the nodes in a hive to be reset. no need to issue another mode-1 during this procedure.(CVE-2024-35931)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nfs/9p: fix uninitialized values during inode evict\n\nIf an iget fails due to not being able to retrieve information\nfrom the server then the inode structure is only partially\ninitialized. When the inode gets evicted, references to\nuninitialized structures (like fscache cookies) were being\nmade.\n\nThis patch checks for a bad_inode before doing anything other\nthan clearing the inode from the cache. Since the inode is\nbad, it shouldn't have any state associated with it that needs\nto be written back (and there really isn't a way to complete\nthose anyways).(CVE-2024-36923)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: cdns-mhdp8546: Fix possible null pointer dereference\n\nIn cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is\nassigned to mhdp_state->current_mode, and there is a dereference of it in\ndrm_mode_set_name(), which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate().\n\nFix this bug add a check of mhdp_state->current_mode.(CVE-2024-38548)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nwifi: carl9170: add a proper sanity check for endpoints\n\nSyzkaller reports [1] hitting a warning which is caused by presence\nof a wrong endpoint type at the URB sumbitting stage. While there\nwas a check for a specific 4th endpoint, since it can switch types\nbetween bulk and interrupt, other endpoints are trusted implicitly.\nSimilar warning is triggered in a couple of other syzbot issues [2].\n\nFix the issue by doing a comprehensive check of all endpoints\ntaking into account difference between high- and full-speed\nconfiguration.\n\n[1] Syzkaller report:\n...\nWARNING: CPU: 0 PID: 4721 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\n...\nCall Trace:\n <TASK>\n carl9170_usb_send_rx_irq_urb+0x273/0x340 drivers/net/wireless/ath/carl9170/usb.c:504\n carl9170_usb_init_device drivers/net/wireless/ath/carl9170/usb.c:939 [inline]\n carl9170_usb_firmware_finish drivers/net/wireless/ath/carl9170/usb.c:999 [inline]\n carl9170_usb_firmware_step2+0x175/0x240 drivers/net/wireless/ath/carl9170/usb.c:1028\n request_firmware_work_func+0x130/0x240 drivers/base/firmware_loader/main.c:1107\n process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289\n worker_thread+0x669/0x1090 kernel/workqueue.c:2436\n kthread+0x2e8/0x3a0 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308\n </TASK>\n\n[2] Related syzkaller crashes:(CVE-2024-38567)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmmc: davinci: Don't strip remove function when driver is builtin\n\nUsing __exit for the remove function results in the remove callback being\ndiscarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound (e.g.\nusing sysfs or hotplug), the driver is just removed without the cleanup\nbeing performed. This results in resource leaks. Fix it by compiling in the\nremove callback unconditionally.\n\nThis also fixes a W=1 modpost warning:\n\nWARNING: modpost: drivers/mmc/host/davinci_mmc: section mismatch in\nreference: davinci_mmcsd_driver+0x10 (section: .data) ->\ndavinci_mmcsd_remove (section: .exit.text)(CVE-2024-39484)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nliquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet\n\nIn lio_vf_rep_copy_packet() pg_info->page is compared to a NULL value,\nbut then it is unconditionally passed to skb_add_rx_frag() which looks\nstrange and could lead to null pointer dereference.\n\nlio_vf_rep_copy_packet() call trace looks like:\n\tocteon_droq_process_packets\n\t octeon_droq_fast_process_packets\n\t octeon_droq_dispatch_pkt\n\t octeon_create_recv_info\n\t ...search in the dispatch_list...\n\t ->disp_fn(rdisp->rinfo, ...)\n\t lio_vf_rep_pkt_recv(struct octeon_recv_info *recv_info, ...)\nIn this path there is no code which sets pg_info->page to NULL.\nSo this check looks unneeded and doesn't solve potential problem.\nBut I guess the author had reason to add a check and I have no such card\nand can't do real test.\nIn addition, the code in the function liquidio_push_packet() in\nliquidio/lio_core.c does exactly the same.\n\nBased on this, I consider the most acceptable compromise solution to\nadjust this issue by moving skb_add_rx_frag() into conditional scope.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.(CVE-2024-39506)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/io-wq: Use set_bit() and test_bit() at worker->flags\n\nUtilize set_bit() and test_bit() on worker->flags within io_uring/io-wq\nto address potential data races.\n\nThe structure io_worker->flags may be accessed through various data\npaths, leading to concurrency issues. When KCSAN is enabled, it reveals\ndata races occurring in io_worker_handle_work and\nio_wq_activate_free_worker functions.\n\n\t BUG: KCSAN: data-race in io_worker_handle_work / io_wq_activate_free_worker\n\t write to 0xffff8885c4246404 of 4 bytes by task 49071 on cpu 28:\n\t io_worker_handle_work (io_uring/io-wq.c:434 io_uring/io-wq.c:569)\n\t io_wq_worker (io_uring/io-wq.c:?)\n<snip>\n\n\t read to 0xffff8885c4246404 of 4 bytes by task 49024 on cpu 5:\n\t io_wq_activate_free_worker (io_uring/io-wq.c:? io_uring/io-wq.c:285)\n\t io_wq_enqueue (io_uring/io-wq.c:947)\n\t io_queue_iowq (io_uring/io_uring.c:524)\n\t io_req_task_submit (io_uring/io_uring.c:1511)\n\t io_handle_tw_list (io_uring/io_uring.c:1198)\n<snip>\n\nLine numbers against commit 18daea77cca6 (\"Merge tag 'for-linus' of\ngit://git.kernel.org/pub/scm/virt/kvm/kvm\").\n\nThese races involve writes and reads to the same memory location by\ndifferent tasks running on different CPUs. To mitigate this, refactor\nthe code to use atomic operations such as set_bit(), test_bit(), and\nclear_bit() instead of basic \"and\" and \"or\" operations. This ensures\nthread-safe manipulation of worker flags.\n\nAlso, move `create_index` to avoid holes in the structure.(CVE-2024-39508)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nriscv: rewrite __kernel_map_pages() to fix sleeping in invalid context\n\n__kernel_map_pages() is a debug function which clears the valid bit in page\ntable entry for deallocated pages to detect illegal memory accesses to\nfreed pages.\n\nThis function set/clear the valid bit using __set_memory(). __set_memory()\nacquires init_mm's semaphore, and this operation may sleep. This is\nproblematic, because __kernel_map_pages() can be called in atomic context,\nand thus is illegal to sleep. An example warning that this causes:\n\nBUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1578\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2, name: kthreadd\npreempt_count: 2, expected: 0\nCPU: 0 PID: 2 Comm: kthreadd Not tainted 6.9.0-g1d4c6d784ef6 #37\nHardware name: riscv-virtio,qemu (DT)\nCall Trace:\n[<ffffffff800060dc>] dump_backtrace+0x1c/0x24\n[<ffffffff8091ef6e>] show_stack+0x2c/0x38\n[<ffffffff8092baf8>] dump_stack_lvl+0x5a/0x72\n[<ffffffff8092bb24>] dump_stack+0x14/0x1c\n[<ffffffff8003b7ac>] __might_resched+0x104/0x10e\n[<ffffffff8003b7f4>] __might_sleep+0x3e/0x62\n[<ffffffff8093276a>] down_write+0x20/0x72\n[<ffffffff8000cf00>] __set_memory+0x82/0x2fa\n[<ffffffff8000d324>] __kernel_map_pages+0x5a/0xd4\n[<ffffffff80196cca>] __alloc_pages_bulk+0x3b2/0x43a\n[<ffffffff8018ee82>] __vmalloc_node_range+0x196/0x6ba\n[<ffffffff80011904>] copy_process+0x72c/0x17ec\n[<ffffffff80012ab4>] kernel_clone+0x60/0x2fe\n[<ffffffff80012f62>] kernel_thread+0x82/0xa0\n[<ffffffff8003552c>] kthreadd+0x14a/0x1be\n[<ffffffff809357de>] ret_from_fork+0xe/0x1c\n\nRewrite this function with apply_to_existing_page_range(). It is fine to\nnot have any locking, because __kernel_map_pages() works with pages being\nallocated/deallocated and those pages are not changed by anyone else in the\nmeantime.(CVE-2024-40915)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent possible NULL dereference in rt6_probe()\n\nsyzbot caught a NULL dereference in rt6_probe() [1]\n\nBail out if __in6_dev_get() returns NULL.\n\n[1]\nOops: general protection fault, probably for non-canonical address 0xdffffc00000000cb: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000658-0x000000000000065f]\nCPU: 1 PID: 22444 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00383-gb8481381d4e2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\n RIP: 0010:rt6_probe net/ipv6/route.c:656 [inline]\n RIP: 0010:find_match+0x8c4/0xf50 net/ipv6/route.c:758\nCode: 14 fd f7 48 8b 85 38 ff ff ff 48 c7 45 b0 00 00 00 00 48 8d b8 5c 06 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 19\nRSP: 0018:ffffc900034af070 EFLAGS: 00010203\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90004521000\nRDX: 00000000000000cb RSI: ffffffff8990d0cd RDI: 000000000000065c\nRBP: ffffc900034af150 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000002 R12: 000000000000000a\nR13: 1ffff92000695e18 R14: ffff8880244a1d20 R15: 0000000000000000\nFS: 00007f4844a5a6c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b31b27000 CR3: 000000002d42c000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n rt6_nh_find_match+0xfa/0x1a0 net/ipv6/route.c:784\n nexthop_for_each_fib6_nh+0x26d/0x4a0 net/ipv4/nexthop.c:1496\n __find_rr_leaf+0x6e7/0xe00 net/ipv6/route.c:825\n find_rr_leaf net/ipv6/route.c:853 [inline]\n rt6_select net/ipv6/route.c:897 [inline]\n fib6_table_lookup+0x57e/0xa30 net/ipv6/route.c:2195\n ip6_pol_route+0x1cd/0x1150 net/ipv6/route.c:2231\n pol_lookup_func include/net/ip6_fib.h:616 [inline]\n fib6_rule_lookup+0x386/0x720 net/ipv6/fib6_rules.c:121\n ip6_route_output_flags_noref net/ipv6/route.c:2639 [inline]\n ip6_route_output_flags+0x1d0/0x640 net/ipv6/route.c:2651\n ip6_dst_lookup_tail.constprop.0+0x961/0x1760 net/ipv6/ip6_output.c:1147\n ip6_dst_lookup_flow+0x99/0x1d0 net/ipv6/ip6_output.c:1250\n rawv6_sendmsg+0xdab/0x4340 net/ipv6/raw.c:898\n inet_sendmsg+0x119/0x140 net/ipv4/af_inet.c:853\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_write_iter+0x4b8/0x5c0 net/socket.c:1160\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0x6b6/0x1140 fs/read_write.c:590\n ksys_write+0x1f8/0x260 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f(CVE-2024-40960)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmips: bmips: BCM6358: make sure CBR is correctly set\n\nIt was discovered that some device have CBR address set to 0 causing\nkernel panic when arch_sync_dma_for_cpu_all is called.\n\nThis was notice in situation where the system is booted from TP1 and\nBMIPS_GET_CBR() returns 0 instead of a valid address and\n!!(read_c0_brcm_cmt_local() & (1 << 31)); not failing.\n\nThe current check whether RAC flush should be disabled or not are not\nenough hence lets check if CBR is a valid address or not.(CVE-2024-40963)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\next4: do not create EA inode under buffer lock\n\next4_xattr_set_entry() creates new EA inodes while holding buffer lock\non the external xattr block. This is problematic as it nests all the\nallocation locking (which acquires locks on other buffers) under the\nbuffer lock. This can even deadlock when the filesystem is corrupted and\ne.g. quota file is setup to contain xattr block as data block. Move the\nallocation of EA inode out of ext4_xattr_set_entry() into the callers.(CVE-2024-40972)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: replace spin_lock by raw_spin_lock\n\ntrace_drop_common() is called with preemption disabled, and it acquires\na spin_lock. This is problematic for RT kernels because spin_locks are\nsleeping locks in this configuration, which causes the following splat:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47\npreempt_count: 1, expected: 0\nRCU nest depth: 2, expected: 2\n5 locks held by rcuc/47/449:\n #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210\n #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130\n #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210\n #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70\n #4: ff1100086ee07520 (&data->lock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290\nirq event stamp: 139909\nhardirqs last enabled at (139908): [<ffffffffb1df2b33>] _raw_spin_unlock_irqrestore+0x63/0x80\nhardirqs last disabled at (139909): [<ffffffffb19bd03d>] trace_drop_common.constprop.0+0x26d/0x290\nsoftirqs last enabled at (139892): [<ffffffffb07a1083>] __local_bh_enable_ip+0x103/0x170\nsoftirqs last disabled at (139898): [<ffffffffb0909b33>] rcu_cpu_kthread+0x93/0x1f0\nPreemption disabled at:\n[<ffffffffb1de786b>] rt_mutex_slowunlock+0xab/0x2e0\nCPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7\nHardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022\nCall Trace:\n <TASK>\n dump_stack_lvl+0x8c/0xd0\n dump_stack+0x14/0x20\n __might_resched+0x21e/0x2f0\n rt_spin_lock+0x5e/0x130\n ? trace_drop_common.constprop.0+0xb5/0x290\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_drop_common.constprop.0+0xb5/0x290\n ? preempt_count_sub+0x1c/0xd0\n ? _raw_spin_unlock_irqrestore+0x4a/0x80\n ? __pfx_trace_drop_common.constprop.0+0x10/0x10\n ? rt_mutex_slowunlock+0x26a/0x2e0\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_rt_mutex_slowunlock+0x10/0x10\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_kfree_skb_hit+0x15/0x20\n trace_kfree_skb+0xe9/0x150\n kfree_skb_reason+0x7b/0x110\n skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10\n ? mark_lock.part.0+0x8a/0x520\n...\n\ntrace_drop_common() also disables interrupts, but this is a minor issue\nbecause we could easily replace it with a local_lock.\n\nReplace the spin_lock with raw_spin_lock to avoid sleeping in atomic\ncontext.(CVE-2024-40980)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nssb: Fix potential NULL pointer dereference in ssb_device_uevent()\n\nThe ssb_device_uevent() function first attempts to convert the 'dev' pointer\nto 'struct ssb_device *'. However, it mistakenly dereferences 'dev' before\nperforming the NULL check, potentially leading to a NULL pointer\ndereference if 'dev' is NULL.\n\nTo fix this issue, move the NULL check before dereferencing the 'dev' pointer,\nensuring that the pointer is valid before attempting to use it.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.(CVE-2024-40982)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()\n\nsyzbot found hanging tasks waiting on rtnl_lock [1]\n\nA reproducer is available in the syzbot bug.\n\nWhen a request to add multiple actions with the same index is sent, the\nsecond request will block forever on the first request. This holds\nrtnl_lock, and causes tasks to hang.\n\nReturn -EAGAIN to prevent infinite looping, while keeping documented\nbehavior.\n\n[1]\n\nINFO: task kworker/1:0:5088 blocked for more than 143 seconds.\nNot tainted 6.9.0-rc4-syzkaller-00173-g3cdb45594619 #0\n\"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:kworker/1:0 state:D stack:23744 pid:5088 tgid:5088 ppid:2 flags:0x00004000\nWorkqueue: events_power_efficient reg_check_chans_work\nCall Trace:\n<TASK>\ncontext_switch kernel/sched/core.c:5409 [inline]\n__schedule+0xf15/0x5d00 kernel/sched/core.c:6746\n__schedule_loop kernel/sched/core.c:6823 [inline]\nschedule+0xe7/0x350 kernel/sched/core.c:6838\nschedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6895\n__mutex_lock_common kernel/locking/mutex.c:684 [inline]\n__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752\nwiphy_lock include/net/cfg80211.h:5953 [inline]\nreg_leave_invalid_chans net/wireless/reg.c:2466 [inline]\nreg_check_chans_work+0x10a/0x10e0 net/wireless/reg.c:2481(CVE-2024-40995)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: don't allow mapping the MMIO HDP page with large pages\n\nWe don't get the right offset in that case. The GPU has\nan unused 4K area of the register BAR space into which you can\nremap registers. We remap the HDP flush registers into this\nspace to allow userspace (CPU or GPU) to flush the HDP when it\nupdates VRAM. However, on systems with >4K pages, we end up\nexposing PAGE_SIZE of MMIO space.(CVE-2024-41011)",
"category":"general",
"title":"Description"
},
{
"text":"An update for kernel is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
"category":"general",
"title":"Topic"
},
{
"text":"High",
"category":"general",
"title":"Severity"
},
{
"text":"kernel",
"category":"general",
"title":"Affected Component"
}
],
"publisher":{
"issuing_authority":"openEuler security committee",
"name":"openEuler",
"namespace":"https://www.openeuler.org",
"contact_details":"openeuler-security@openeuler.org",
"category":"vendor"
},
"references":[
{
"summary":"openEuler-SA-2024-1943",
"category":"self",
"url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1943"
},
{
"summary":"CVE-2024-35931",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-35931&packageName=kernel"
},
{
"summary":"CVE-2024-36923",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36923&packageName=kernel"
},
{
"summary":"CVE-2024-38548",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38548&packageName=kernel"
},
{
"summary":"CVE-2024-38567",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38567&packageName=kernel"
},
{
"summary":"CVE-2024-39484",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39484&packageName=kernel"
},
{
"summary":"CVE-2024-39506",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39506&packageName=kernel"
},
{
"summary":"CVE-2024-39508",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39508&packageName=kernel"
},
{
"summary":"CVE-2024-40915",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40915&packageName=kernel"
},
{
"summary":"CVE-2024-40960",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40960&packageName=kernel"
},
{
"summary":"CVE-2024-40963",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40963&packageName=kernel"
},
{
"summary":"CVE-2024-40972",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40972&packageName=kernel"
},
{
"summary":"CVE-2024-40980",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40980&packageName=kernel"
},
{
"summary":"CVE-2024-40982",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40982&packageName=kernel"
},
{
"summary":"CVE-2024-40995",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40995&packageName=kernel"
},
{
"summary":"CVE-2024-41011",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41011&packageName=kernel"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-35931"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36923"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38548"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38567"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39484"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39506"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39508"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40915"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40960"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40963"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40972"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40980"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40982"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40995"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41011"
},
{
"summary":"openEuler-SA-2024-1943 vex file",
"category":"self",
"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1943.json"
}
],
"title":"An update for kernel is now available for openEuler-24.03-LTS",
"tracking":{
"initial_release_date":"2024-08-02T19:42:25+08:00",
"revision_history":[
{
"date":"2024-08-02T19:42:25+08:00",
"summary":"Initial",
"number":"1.0.0"
},
{
"date":"2024-08-05T10:55:00+08:00",
"summary":"final",
"number":"2.0.0"
}
],
"generator":{
"date":"2024-08-05T10:55:00+08:00",
"engine":{
"name":"openEuler CSAF Tool V1.0"
}
},
"current_release_date":"2024-08-05T10:55:00+08:00",
"id":"openEuler-SA-2024-1943",
"version":"2.0.0",
"status":"final"
}
},
"product_tree":{
"branches":[
{
"name":"openEuler",
"category":"vendor",
"branches":[
{
"name":"openEuler",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"openEuler-24.03-LTS",
"name":"openEuler-24.03-LTS"
},
"name":"openEuler-24.03-LTS",
"category":"product_version"
}
],
"category":"product_name"
},
{
"name":"aarch64",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"name":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm"
},
"name":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"name":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm"
},
"name":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"name":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm"
},
"name":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"name":"kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64.rpm"
},
"name":"kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"name":"kernel-6.6.0-35.0.0.43.oe2403.aarch64.rpm"
},
"name":"kernel-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"name":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm"
},
"name":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"python3-perf-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"name":"python3-perf-6.6.0-35.0.0.43.oe2403.aarch64.rpm"
},
"name":"python3-perf-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"name":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm"
},
"name":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"name":"kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64.rpm"
},
"name":"kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"name":"kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64.rpm"
},
"name":"kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"name":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64.rpm"
},
"name":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"bpftool-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"name":"bpftool-6.6.0-35.0.0.43.oe2403.aarch64.rpm"
},
"name":"bpftool-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"name":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64.rpm"
},
"name":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"perf-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"name":"perf-6.6.0-35.0.0.43.oe2403.aarch64.rpm"
},
"name":"perf-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-source-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"name":"kernel-source-6.6.0-35.0.0.43.oe2403.aarch64.rpm"
},
"name":"kernel-source-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"category":"product_version"
}
],
"category":"product_name"
},
{
"name":"src",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-6.6.0-35.0.0.43.oe2403.src.rpm",
"name":"kernel-6.6.0-35.0.0.43.oe2403.src.rpm"
},
"name":"kernel-6.6.0-35.0.0.43.oe2403.src.rpm",
"category":"product_version"
}
],
"category":"product_name"
},
{
"name":"x86_64",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"name":"kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64.rpm"
},
"name":"kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"python3-perf-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"name":"python3-perf-6.6.0-35.0.0.43.oe2403.x86_64.rpm"
},
"name":"python3-perf-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"name":"kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64.rpm"
},
"name":"kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"name":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm"
},
"name":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"name":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm"
},
"name":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"name":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm"
},
"name":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"name":"kernel-6.6.0-35.0.0.43.oe2403.x86_64.rpm"
},
"name":"kernel-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"perf-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"name":"perf-6.6.0-35.0.0.43.oe2403.x86_64.rpm"
},
"name":"perf-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-source-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"name":"kernel-source-6.6.0-35.0.0.43.oe2403.x86_64.rpm"
},
"name":"kernel-source-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"name":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm"
},
"name":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"bpftool-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"name":"bpftool-6.6.0-35.0.0.43.oe2403.x86_64.rpm"
},
"name":"bpftool-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"name":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64.rpm"
},
"name":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"name":"kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64.rpm"
},
"name":"kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"name":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64.rpm"
},
"name":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"name":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm"
},
"name":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"category":"product_version"
}
],
"category":"product_name"
}
]
}
],
"relationships":[
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"name":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"name":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"name":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"name":"kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"name":"kernel-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"name":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"python3-perf-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"name":"python3-perf-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"name":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"name":"kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"name":"kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"name":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"bpftool-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"name":"bpftool-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"name":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"perf-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"name":"perf-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-source-6.6.0-35.0.0.43.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"name":"kernel-source-6.6.0-35.0.0.43.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-6.6.0-35.0.0.43.oe2403.src.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"name":"kernel-6.6.0-35.0.0.43.oe2403.src as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"name":"kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"python3-perf-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"name":"python3-perf-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"name":"kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"name":"python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"name":"kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"name":"perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"name":"kernel-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"perf-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"name":"perf-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-source-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"name":"kernel-source-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"name":"bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"bpftool-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"name":"bpftool-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"name":"kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"name":"kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"name":"kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"name":"kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
}
]
},
"vulnerabilities":[
{
"cve":"CVE-2024-35931",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Skip do PCI error slot reset during RAS recovery\n\nWhy:\n The PCI error slot reset maybe triggered after inject ue to UMC multi times, this\n caused system hang.\n [ 557.371857] amdgpu 0000:af:00.0: amdgpu: GPU reset succeeded, trying to resume\n [ 557.373718] [drm] PCIE GART of 512M enabled.\n [ 557.373722] [drm] PTB located at 0x0000031FED700000\n [ 557.373788] [drm] VRAM is lost due to GPU reset!\n [ 557.373789] [drm] PSP is resuming...\n [ 557.547012] mlx5_core 0000:55:00.0: mlx5_pci_err_detected Device state = 1 pci_status: 0. Exit, result = 3, need reset\n [ 557.547067] [drm] PCI error: detected callback, state(1)!!\n [ 557.547069] [drm] No support for XGMI hive yet...\n [ 557.548125] mlx5_core 0000:55:00.0: mlx5_pci_slot_reset Device state = 1 pci_status: 0. Enter\n [ 557.607763] mlx5_core 0000:55:00.0: wait vital counter value 0x16b5b after 1 iterations\n [ 557.607777] mlx5_core 0000:55:00.0: mlx5_pci_slot_reset Device state = 1 pci_status: 1. Exit, err = 0, result = 5, recovered\n [ 557.610492] [drm] PCI error: slot reset callback!!\n ...\n [ 560.689382] amdgpu 0000:3f:00.0: amdgpu: GPU reset(2) succeeded!\n [ 560.689546] amdgpu 0000:5a:00.0: amdgpu: GPU reset(2) succeeded!\n [ 560.689562] general protection fault, probably for non-canonical address 0x5f080b54534f611f: 0000 [#1] SMP NOPTI\n [ 560.701008] CPU: 16 PID: 2361 Comm: kworker/u448:9 Tainted: G OE 5.15.0-91-generic #101-Ubuntu\n [ 560.712057] Hardware name: Microsoft C278A/C278A, BIOS C2789.5.BS.1C11.AG.1 11/08/2023\n [ 560.720959] Workqueue: amdgpu-reset-hive amdgpu_ras_do_recovery [amdgpu]\n [ 560.728887] RIP: 0010:amdgpu_device_gpu_recover.cold+0xbf1/0xcf5 [amdgpu]\n [ 560.736891] Code: ff 41 89 c6 e9 1b ff ff ff 44 0f b6 45 b0 e9 4f ff ff ff be 01 00 00 00 4c 89 e7 e8 76 c9 8b ff 44 0f b6 45 b0 e9 3c fd ff ff <48> 83 ba 18 02 00 00 00 0f 84 6a f8 ff ff 48 8d 7a 78 be 01 00 00\n [ 560.757967] RSP: 0018:ffa0000032e53d80 EFLAGS: 00010202\n [ 560.763848] RAX: ffa00000001dfd10 RBX: ffa0000000197090 RCX: ffa0000032e53db0\n [ 560.771856] RDX: 5f080b54534f5f07 RSI: 0000000000000000 RDI: ff11000128100010\n [ 560.779867] RBP: ffa0000032e53df0 R08: 0000000000000000 R09: ffffffffffe77f08\n [ 560.787879] R10: 0000000000ffff0a R11: 0000000000000001 R12: 0000000000000000\n [ 560.795889] R13: ffa0000032e53e00 R14: 0000000000000000 R15: 0000000000000000\n [ 560.803889] FS: 0000000000000000(0000) GS:ff11007e7e800000(0000) knlGS:0000000000000000\n [ 560.812973] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 560.819422] CR2: 000055a04c118e68 CR3: 0000000007410005 CR4: 0000000000771ee0\n [ 560.827433] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n [ 560.835433] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n [ 560.843444] PKRU: 55555554\n [ 560.846480] Call Trace:\n [ 560.849225] <TASK>\n [ 560.851580] ? show_trace_log_lvl+0x1d6/0x2ea\n [ 560.856488] ? show_trace_log_lvl+0x1d6/0x2ea\n [ 560.861379] ? amdgpu_ras_do_recovery+0x1b2/0x210 [amdgpu]\n [ 560.867778] ? show_regs.part.0+0x23/0x29\n [ 560.872293] ? __die_body.cold+0x8/0xd\n [ 560.876502] ? die_addr+0x3e/0x60\n [ 560.880238] ? exc_general_protection+0x1c5/0x410\n [ 560.885532] ? asm_exc_general_protection+0x27/0x30\n [ 560.891025] ? amdgpu_device_gpu_recover.cold+0xbf1/0xcf5 [amdgpu]\n [ 560.898323] amdgpu_ras_do_recovery+0x1b2/0x210 [amdgpu]\n [ 560.904520] process_one_work+0x228/0x3d0\nHow:\n In RAS recovery, mode-1 reset is issued from RAS fatal error handling and expected\n all the nodes in a hive to be reset. no need to issue another mode-1 during this procedure.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-35931"
},
{
"cve":"CVE-2024-36923",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/9p: fix uninitialized values during inode evict\n\nIf an iget fails due to not being able to retrieve information\nfrom the server then the inode structure is only partially\ninitialized. When the inode gets evicted, references to\nuninitialized structures (like fscache cookies) were being\nmade.\n\nThis patch checks for a bad_inode before doing anything other\nthan clearing the inode from the cache. Since the inode is\nbad, it shouldn't have any state associated with it that needs\nto be written back (and there really isn't a way to complete\nthose anyways).",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.3,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-36923"
},
{
"cve":"CVE-2024-38548",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: cdns-mhdp8546: Fix possible null pointer dereference\n\nIn cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is\nassigned to mhdp_state->current_mode, and there is a dereference of it in\ndrm_mode_set_name(), which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate().\n\nFix this bug add a check of mhdp_state->current_mode.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38548"
},
{
"cve":"CVE-2024-38567",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: carl9170: add a proper sanity check for endpoints\n\nSyzkaller reports [1] hitting a warning which is caused by presence\nof a wrong endpoint type at the URB sumbitting stage. While there\nwas a check for a specific 4th endpoint, since it can switch types\nbetween bulk and interrupt, other endpoints are trusted implicitly.\nSimilar warning is triggered in a couple of other syzbot issues [2].\n\nFix the issue by doing a comprehensive check of all endpoints\ntaking into account difference between high- and full-speed\nconfiguration.\n\n[1] Syzkaller report:\n...\nWARNING: CPU: 0 PID: 4721 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\n...\nCall Trace:\n <TASK>\n carl9170_usb_send_rx_irq_urb+0x273/0x340 drivers/net/wireless/ath/carl9170/usb.c:504\n carl9170_usb_init_device drivers/net/wireless/ath/carl9170/usb.c:939 [inline]\n carl9170_usb_firmware_finish drivers/net/wireless/ath/carl9170/usb.c:999 [inline]\n carl9170_usb_firmware_step2+0x175/0x240 drivers/net/wireless/ath/carl9170/usb.c:1028\n request_firmware_work_func+0x130/0x240 drivers/base/firmware_loader/main.c:1107\n process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289\n worker_thread+0x669/0x1090 kernel/workqueue.c:2436\n kthread+0x2e8/0x3a0 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308\n </TASK>\n\n[2] Related syzkaller crashes:",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38567"
},
{
"cve":"CVE-2024-39484",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:mmc: davinci: Don t strip remove function when driver is builtinUsing __exit for the remove function results in the remove callback beingdiscarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound (e.g.using sysfs or hotplug), the driver is just removed without the cleanupbeing performed. This results in resource leaks. Fix it by compiling in theremove callback unconditionally.This also fixes a W=1 modpost warning:WARNING: modpost: drivers/mmc/host/davinci_mmc: section mismatch inreference: davinci_mmcsd_driver+0x10 (section: .data) ->davinci_mmcsd_remove (section: .exit.text)",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-39484"
},
{
"cve":"CVE-2024-39506",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nliquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet\n\nIn lio_vf_rep_copy_packet() pg_info->page is compared to a NULL value,\nbut then it is unconditionally passed to skb_add_rx_frag() which looks\nstrange and could lead to null pointer dereference.\n\nlio_vf_rep_copy_packet() call trace looks like:\n\tocteon_droq_process_packets\n\t octeon_droq_fast_process_packets\n\t octeon_droq_dispatch_pkt\n\t octeon_create_recv_info\n\t ...search in the dispatch_list...\n\t ->disp_fn(rdisp->rinfo, ...)\n\t lio_vf_rep_pkt_recv(struct octeon_recv_info *recv_info, ...)\nIn this path there is no code which sets pg_info->page to NULL.\nSo this check looks unneeded and doesn't solve potential problem.\nBut I guess the author had reason to add a check and I have no such card\nand can't do real test.\nIn addition, the code in the function liquidio_push_packet() in\nliquidio/lio_core.c does exactly the same.\n\nBased on this, I consider the most acceptable compromise solution to\nadjust this issue by moving skb_add_rx_frag() into conditional scope.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-39506"
},
{
"cve":"CVE-2024-39508",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/io-wq: Use set_bit() and test_bit() at worker->flags\n\nUtilize set_bit() and test_bit() on worker->flags within io_uring/io-wq\nto address potential data races.\n\nThe structure io_worker->flags may be accessed through various data\npaths, leading to concurrency issues. When KCSAN is enabled, it reveals\ndata races occurring in io_worker_handle_work and\nio_wq_activate_free_worker functions.\n\n\t BUG: KCSAN: data-race in io_worker_handle_work / io_wq_activate_free_worker\n\t write to 0xffff8885c4246404 of 4 bytes by task 49071 on cpu 28:\n\t io_worker_handle_work (io_uring/io-wq.c:434 io_uring/io-wq.c:569)\n\t io_wq_worker (io_uring/io-wq.c:?)\n<snip>\n\n\t read to 0xffff8885c4246404 of 4 bytes by task 49024 on cpu 5:\n\t io_wq_activate_free_worker (io_uring/io-wq.c:? io_uring/io-wq.c:285)\n\t io_wq_enqueue (io_uring/io-wq.c:947)\n\t io_queue_iowq (io_uring/io_uring.c:524)\n\t io_req_task_submit (io_uring/io_uring.c:1511)\n\t io_handle_tw_list (io_uring/io_uring.c:1198)\n<snip>\n\nLine numbers against commit 18daea77cca6 (\"Merge tag 'for-linus' of\ngit://git.kernel.org/pub/scm/virt/kvm/kvm\").\n\nThese races involve writes and reads to the same memory location by\ndifferent tasks running on different CPUs. To mitigate this, refactor\nthe code to use atomic operations such as set_bit(), test_bit(), and\nclear_bit() instead of basic \"and\" and \"or\" operations. This ensures\nthread-safe manipulation of worker flags.\n\nAlso, move `create_index` to avoid holes in the structure.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":6.3,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-39508"
},
{
"cve":"CVE-2024-40915",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: rewrite __kernel_map_pages() to fix sleeping in invalid context\n\n__kernel_map_pages() is a debug function which clears the valid bit in page\ntable entry for deallocated pages to detect illegal memory accesses to\nfreed pages.\n\nThis function set/clear the valid bit using __set_memory(). __set_memory()\nacquires init_mm's semaphore, and this operation may sleep. This is\nproblematic, because __kernel_map_pages() can be called in atomic context,\nand thus is illegal to sleep. An example warning that this causes:\n\nBUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1578\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2, name: kthreadd\npreempt_count: 2, expected: 0\nCPU: 0 PID: 2 Comm: kthreadd Not tainted 6.9.0-g1d4c6d784ef6 #37\nHardware name: riscv-virtio,qemu (DT)\nCall Trace:\n[<ffffffff800060dc>] dump_backtrace+0x1c/0x24\n[<ffffffff8091ef6e>] show_stack+0x2c/0x38\n[<ffffffff8092baf8>] dump_stack_lvl+0x5a/0x72\n[<ffffffff8092bb24>] dump_stack+0x14/0x1c\n[<ffffffff8003b7ac>] __might_resched+0x104/0x10e\n[<ffffffff8003b7f4>] __might_sleep+0x3e/0x62\n[<ffffffff8093276a>] down_write+0x20/0x72\n[<ffffffff8000cf00>] __set_memory+0x82/0x2fa\n[<ffffffff8000d324>] __kernel_map_pages+0x5a/0xd4\n[<ffffffff80196cca>] __alloc_pages_bulk+0x3b2/0x43a\n[<ffffffff8018ee82>] __vmalloc_node_range+0x196/0x6ba\n[<ffffffff80011904>] copy_process+0x72c/0x17ec\n[<ffffffff80012ab4>] kernel_clone+0x60/0x2fe\n[<ffffffff80012f62>] kernel_thread+0x82/0xa0\n[<ffffffff8003552c>] kthreadd+0x14a/0x1be\n[<ffffffff809357de>] ret_from_fork+0xe/0x1c\n\nRewrite this function with apply_to_existing_page_range(). It is fine to\nnot have any locking, because __kernel_map_pages() works with pages being\nallocated/deallocated and those pages are not changed by anyone else in the\nmeantime.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-40915"
},
{
"cve":"CVE-2024-40960",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent possible NULL dereference in rt6_probe()\n\nsyzbot caught a NULL dereference in rt6_probe() [1]\n\nBail out if __in6_dev_get() returns NULL.\n\n[1]\nOops: general protection fault, probably for non-canonical address 0xdffffc00000000cb: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000658-0x000000000000065f]\nCPU: 1 PID: 22444 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00383-gb8481381d4e2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\n RIP: 0010:rt6_probe net/ipv6/route.c:656 [inline]\n RIP: 0010:find_match+0x8c4/0xf50 net/ipv6/route.c:758\nCode: 14 fd f7 48 8b 85 38 ff ff ff 48 c7 45 b0 00 00 00 00 48 8d b8 5c 06 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 19\nRSP: 0018:ffffc900034af070 EFLAGS: 00010203\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90004521000\nRDX: 00000000000000cb RSI: ffffffff8990d0cd RDI: 000000000000065c\nRBP: ffffc900034af150 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000002 R12: 000000000000000a\nR13: 1ffff92000695e18 R14: ffff8880244a1d20 R15: 0000000000000000\nFS: 00007f4844a5a6c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b31b27000 CR3: 000000002d42c000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n rt6_nh_find_match+0xfa/0x1a0 net/ipv6/route.c:784\n nexthop_for_each_fib6_nh+0x26d/0x4a0 net/ipv4/nexthop.c:1496\n __find_rr_leaf+0x6e7/0xe00 net/ipv6/route.c:825\n find_rr_leaf net/ipv6/route.c:853 [inline]\n rt6_select net/ipv6/route.c:897 [inline]\n fib6_table_lookup+0x57e/0xa30 net/ipv6/route.c:2195\n ip6_pol_route+0x1cd/0x1150 net/ipv6/route.c:2231\n pol_lookup_func include/net/ip6_fib.h:616 [inline]\n fib6_rule_lookup+0x386/0x720 net/ipv6/fib6_rules.c:121\n ip6_route_output_flags_noref net/ipv6/route.c:2639 [inline]\n ip6_route_output_flags+0x1d0/0x640 net/ipv6/route.c:2651\n ip6_dst_lookup_tail.constprop.0+0x961/0x1760 net/ipv6/ip6_output.c:1147\n ip6_dst_lookup_flow+0x99/0x1d0 net/ipv6/ip6_output.c:1250\n rawv6_sendmsg+0xdab/0x4340 net/ipv6/raw.c:898\n inet_sendmsg+0x119/0x140 net/ipv4/af_inet.c:853\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_write_iter+0x4b8/0x5c0 net/socket.c:1160\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0x6b6/0x1140 fs/read_write.c:590\n ksys_write+0x1f8/0x260 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-40960"
},
{
"cve":"CVE-2024-40963",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmips: bmips: BCM6358: make sure CBR is correctly set\n\nIt was discovered that some device have CBR address set to 0 causing\nkernel panic when arch_sync_dma_for_cpu_all is called.\n\nThis was notice in situation where the system is booted from TP1 and\nBMIPS_GET_CBR() returns 0 instead of a valid address and\n!!(read_c0_brcm_cmt_local() & (1 << 31)); not failing.\n\nThe current check whether RAC flush should be disabled or not are not\nenough hence lets check if CBR is a valid address or not.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"LOW",
"baseScore":3.9,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
}
],
"threats":[
{
"details":"Low",
"category":"impact"
}
],
"title":"CVE-2024-40963"
},
{
"cve":"CVE-2024-40972",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: do not create EA inode under buffer lock\n\next4_xattr_set_entry() creates new EA inodes while holding buffer lock\non the external xattr block. This is problematic as it nests all the\nallocation locking (which acquires locks on other buffers) under the\nbuffer lock. This can even deadlock when the filesystem is corrupted and\ne.g. quota file is setup to contain xattr block as data block. Move the\nallocation of EA inode out of ext4_xattr_set_entry() into the callers.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":4.7,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-40972"
},
{
"cve":"CVE-2024-40980",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: replace spin_lock by raw_spin_lock\n\ntrace_drop_common() is called with preemption disabled, and it acquires\na spin_lock. This is problematic for RT kernels because spin_locks are\nsleeping locks in this configuration, which causes the following splat:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47\npreempt_count: 1, expected: 0\nRCU nest depth: 2, expected: 2\n5 locks held by rcuc/47/449:\n #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210\n #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130\n #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210\n #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70\n #4: ff1100086ee07520 (&data->lock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290\nirq event stamp: 139909\nhardirqs last enabled at (139908): [<ffffffffb1df2b33>] _raw_spin_unlock_irqrestore+0x63/0x80\nhardirqs last disabled at (139909): [<ffffffffb19bd03d>] trace_drop_common.constprop.0+0x26d/0x290\nsoftirqs last enabled at (139892): [<ffffffffb07a1083>] __local_bh_enable_ip+0x103/0x170\nsoftirqs last disabled at (139898): [<ffffffffb0909b33>] rcu_cpu_kthread+0x93/0x1f0\nPreemption disabled at:\n[<ffffffffb1de786b>] rt_mutex_slowunlock+0xab/0x2e0\nCPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7\nHardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022\nCall Trace:\n <TASK>\n dump_stack_lvl+0x8c/0xd0\n dump_stack+0x14/0x20\n __might_resched+0x21e/0x2f0\n rt_spin_lock+0x5e/0x130\n ? trace_drop_common.constprop.0+0xb5/0x290\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_drop_common.constprop.0+0xb5/0x290\n ? preempt_count_sub+0x1c/0xd0\n ? _raw_spin_unlock_irqrestore+0x4a/0x80\n ? __pfx_trace_drop_common.constprop.0+0x10/0x10\n ? rt_mutex_slowunlock+0x26a/0x2e0\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_rt_mutex_slowunlock+0x10/0x10\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_kfree_skb_hit+0x15/0x20\n trace_kfree_skb+0xe9/0x150\n kfree_skb_reason+0x7b/0x110\n skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10\n ? mark_lock.part.0+0x8a/0x520\n...\n\ntrace_drop_common() also disables interrupts, but this is a minor issue\nbecause we could easily replace it with a local_lock.\n\nReplace the spin_lock with raw_spin_lock to avoid sleeping in atomic\ncontext.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":4.7,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-40980"
},
{
"cve":"CVE-2024-40982",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nssb: Fix potential NULL pointer dereference in ssb_device_uevent()\n\nThe ssb_device_uevent() function first attempts to convert the 'dev' pointer\nto 'struct ssb_device *'. However, it mistakenly dereferences 'dev' before\nperforming the NULL check, potentially leading to a NULL pointer\ndereference if 'dev' is NULL.\n\nTo fix this issue, move the NULL check before dereferencing the 'dev' pointer,\nensuring that the pointer is valid before attempting to use it.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":4.4,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-40982"
},
{
"cve":"CVE-2024-40995",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()\n\nsyzbot found hanging tasks waiting on rtnl_lock [1]\n\nA reproducer is available in the syzbot bug.\n\nWhen a request to add multiple actions with the same index is sent, the\nsecond request will block forever on the first request. This holds\nrtnl_lock, and causes tasks to hang.\n\nReturn -EAGAIN to prevent infinite looping, while keeping documented\nbehavior.\n\n[1]\n\nINFO: task kworker/1:0:5088 blocked for more than 143 seconds.\nNot tainted 6.9.0-rc4-syzkaller-00173-g3cdb45594619 #0\n\"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:kworker/1:0 state:D stack:23744 pid:5088 tgid:5088 ppid:2 flags:0x00004000\nWorkqueue: events_power_efficient reg_check_chans_work\nCall Trace:\n<TASK>\ncontext_switch kernel/sched/core.c:5409 [inline]\n__schedule+0xf15/0x5d00 kernel/sched/core.c:6746\n__schedule_loop kernel/sched/core.c:6823 [inline]\nschedule+0xe7/0x350 kernel/sched/core.c:6838\nschedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6895\n__mutex_lock_common kernel/locking/mutex.c:684 [inline]\n__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752\nwiphy_lock include/net/cfg80211.h:5953 [inline]\nreg_leave_invalid_chans net/wireless/reg.c:2466 [inline]\nreg_check_chans_work+0x10a/0x10e0 net/wireless/reg.c:2481",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-40995"
},
{
"cve":"CVE-2024-41011",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: don't allow mapping the MMIO HDP page with large pages\n\nWe don't get the right offset in that case. The GPU has\nan unused 4K area of the register BAR space into which you can\nremap registers. We remap the HDP flush registers into this\nspace to allow userspace (CPU or GPU) to flush the HDP when it\nupdates VRAM. However, on systems with >4K pages, we end up\nexposing PAGE_SIZE of MMIO space.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"HIGH",
"baseScore":7.8,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.src",
"openEuler-24.03-LTS:kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64"
]
}
],
"threats":[
{
"details":"High",
"category":"impact"
}
],
"title":"CVE-2024-41011"
}
]
}
Reference in New Issue View Git Blame Copy Permalink