{
"document":{
"aggregate_severity":{
"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
"text":"High"
},
"category":"csaf_vex",
"csaf_version":"2.0",
"distribution":{
"tlp":{
"label":"WHITE",
"url":"https:/www.first.org/tlp/"
}
},
"lang":"en",
"notes":[
{
"text":"kernel security update",
"category":"general",
"title":"Synopsis"
},
{
"text":"An update for kernel is now available for openEuler-22.03-LTS-SP1",
"category":"general",
"title":"Summary"
},
{
"text":"The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nubifs: Set page uptodate in the correct place\n\nPage cache reads are lockless, so setting the freshly allocated page\nuptodate before we've overwritten it with the data it's supposed to have\nin it will allow a simultaneous reader to see old data. Move the call\nto SetPageUptodate into ubifs_write_end(), which is after we copied the\nnew data into the page.(CVE-2024-35821)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nkprobes: Fix possible use-after-free issue on kprobe registration\n\nWhen unloading a module, its state is changing MODULE_STATE_LIVE ->\n MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take\na time. `is_module_text_address()` and `__module_text_address()`\nworks with MODULE_STATE_LIVE and MODULE_STATE_GOING.\nIf we use `is_module_text_address()` and `__module_text_address()`\nseparately, there is a chance that the first one is succeeded but the\nnext one is failed because module->state becomes MODULE_STATE_UNFORMED\nbetween those operations.\n\nIn `check_kprobe_address_safe()`, if the second `__module_text_address()`\nis failed, that is ignored because it expected a kernel_text address.\nBut it may have failed simply because module->state has been changed\nto MODULE_STATE_UNFORMED. In this case, arm_kprobe() will try to modify\nnon-exist module text address (use-after-free).\n\nTo fix this problem, we should not use separated `is_module_text_address()`\nand `__module_text_address()`, but use only `__module_text_address()`\nonce and do `try_module_get(module)` which is only available with\nMODULE_STATE_LIVE.(CVE-2024-35955)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP\n\nIf one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided,\ntaprio_parse_mqprio_opt() must validate it, or userspace\ncan inject arbitrary data to the kernel, the second time\ntaprio_change() is called.\n\nFirst call (with valid attributes) sets dev->num_tc\nto a non zero value.\n\nSecond call (with arbitrary mqprio attributes)\nreturns early from taprio_parse_mqprio_opt()\nand bad things can happen.(CVE-2024-36974)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Fix shift-out-of-bounds in dctcp_update_alpha().\n\nIn dctcp_update_alpha(), we use a module parameter dctcp_shift_g\nas follows:\n\n alpha -= min_not_zero(alpha, alpha >> dctcp_shift_g);\n ...\n delivered_ce <<= (10 - dctcp_shift_g);\n\nIt seems syzkaller started fuzzing module parameters and triggered\nshift-out-of-bounds [0] by setting 100 to dctcp_shift_g:\n\n memcpy((void*)0x20000080,\n \"/sys/module/tcp_dctcp/parameters/dctcp_shift_g\\000\", 47);\n res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x20000080ul,\n /*flags=*/2ul, /*mode=*/0ul);\n memcpy((void*)0x20000000, \"100\\000\", 4);\n syscall(__NR_write, /*fd=*/r[0], /*val=*/0x20000000ul, /*len=*/4ul);\n\nLet's limit the max value of dctcp_shift_g by param_set_uint_minmax().\n\nWith this patch:\n\n # echo 10 > /sys/module/tcp_dctcp/parameters/dctcp_shift_g\n # cat /sys/module/tcp_dctcp/parameters/dctcp_shift_g\n 10\n # echo 11 > /sys/module/tcp_dctcp/parameters/dctcp_shift_g\n -bash: echo: write error: Invalid argument\n\n[0]:\nUBSAN: shift-out-of-bounds in net/ipv4/tcp_dctcp.c:143:12\nshift exponent 100 is too large for 32-bit type 'u32' (aka 'unsigned int')\nCPU: 0 PID: 8083 Comm: syz-executor345 Not tainted 6.9.0-05151-g1b294a1f3561 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.13.0-1ubuntu1.1 04/01/2014\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x201/0x300 lib/dump_stack.c:114\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_shift_out_of_bounds+0x346/0x3a0 lib/ubsan.c:468\n dctcp_update_alpha+0x540/0x570 net/ipv4/tcp_dctcp.c:143\n tcp_in_ack_event net/ipv4/tcp_input.c:3802 [inline]\n tcp_ack+0x17b1/0x3bc0 net/ipv4/tcp_input.c:3948\n tcp_rcv_state_process+0x57a/0x2290 net/ipv4/tcp_input.c:6711\n tcp_v4_do_rcv+0x764/0xc40 net/ipv4/tcp_ipv4.c:1937\n sk_backlog_rcv include/net/sock.h:1106 [inline]\n __release_sock+0x20f/0x350 net/core/sock.c:2983\n release_sock+0x61/0x1f0 net/core/sock.c:3549\n mptcp_subflow_shutdown+0x3d0/0x620 net/mptcp/protocol.c:2907\n mptcp_check_send_data_fin+0x225/0x410 net/mptcp/protocol.c:2976\n __mptcp_close+0x238/0xad0 net/mptcp/protocol.c:3072\n mptcp_close+0x2a/0x1a0 net/mptcp/protocol.c:3127\n inet_release+0x190/0x1f0 net/ipv4/af_inet.c:437\n __sock_release net/socket.c:659 [inline]\n sock_close+0xc0/0x240 net/socket.c:1421\n __fput+0x41b/0x890 fs/file_table.c:422\n task_work_run+0x23b/0x300 kernel/task_work.c:180\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x9c8/0x2540 kernel/exit.c:878\n do_group_exit+0x201/0x2b0 kernel/exit.c:1027\n __do_sys_exit_group kernel/exit.c:1038 [inline]\n __se_sys_exit_group kernel/exit.c:1036 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1036\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xe4/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x67/0x6f\nRIP: 0033:0x7f6c2b5005b6\nCode: Unable to access opcode bytes at 0x7f6c2b50058c.\nRSP: 002b:00007ffe883eb948 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 00007f6c2b5862f0 RCX: 00007f6c2b5005b6\nRDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001\nRBP: 0000000000000001 R08: 00000000000000e7 R09: ffffffffffffffc0\nR10: 0000000000000006 R11: 0000000000000246 R12: 00007f6c2b5862f0\nR13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001\n (CVE-2024-37356)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nof: module: add buffer overflow check in of_modalias()\n\nIn of_modalias(), if the buffer happens to be too small even for the 1st\nsnprintf() call, the len parameter will become negative and str parameter\n(if not NULL initially) will point beyond the buffer's end. Add the buffer\noverflow check after the 1st snprintf() call and fix such check after the\nstrlen() call (accounting for the terminating NUL char).(CVE-2024-38541)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Add a timeout to acquire the command queue semaphore\n\nPrevent forced completion handling on an entry that has not yet been\nassigned an index, causing an out of bounds access on idx = -22.\nInstead of waiting indefinitely for the sem, blocking flow now waits for\nindex to be allocated or a sem acquisition timeout before beginning the\ntimer for FW completion.\n\nKernel log example:\nmlx5_core 0000:06:00.0: wait_func_handle_exec_timeout:1128:(pid 185911): cmd[-22]: CREATE_UCTX(0xa04) No done completion(CVE-2024-38556)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE\n\nbpf_prog_attach uses attach_type_to_prog_type to enforce proper\nattach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses\nbpf_prog_get and relies on bpf_prog_attach_check_attach_type\nto properly verify prog_type <> attach_type association.\n\nAdd missing attach_type enforcement for the link_create case.\nOtherwise, it's currently possible to attach cgroup_skb prog\ntypes to other cgroup hooks.(CVE-2024-38564)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix possible use-after-free issue in ftrace_location()\n\nKASAN reports a bug:\n\n BUG: KASAN: use-after-free in ftrace_location+0x90/0x120\n Read of size 8 at addr ffff888141d40010 by task insmod/424\n CPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+\n [...]\n Call Trace:\n \n dump_stack_lvl+0x68/0xa0\n print_report+0xcf/0x610\n kasan_report+0xb5/0xe0\n ftrace_location+0x90/0x120\n register_kprobe+0x14b/0xa40\n kprobe_init+0x2d/0xff0 [kprobe_example]\n do_one_initcall+0x8f/0x2d0\n do_init_module+0x13a/0x3c0\n load_module+0x3082/0x33d0\n init_module_from_file+0xd2/0x130\n __x64_sys_finit_module+0x306/0x440\n do_syscall_64+0x68/0x140\n entry_SYSCALL_64_after_hwframe+0x71/0x79\n\nThe root cause is that, in lookup_rec(), ftrace record of some address\nis being searched in ftrace pages of some module, but those ftrace pages\nat the same time is being freed in ftrace_release_mod() as the\ncorresponding module is being deleted:\n\n CPU1 | CPU2\n register_kprobes() { | delete_module() {\n check_kprobe_address_safe() { |\n arch_check_ftrace_location() { |\n ftrace_location() { |\n lookup_rec() // USE! | ftrace_release_mod() // Free!\n\nTo fix this issue:\n 1. Hold rcu lock as accessing ftrace pages in ftrace_location_range();\n 2. Use ftrace_location_range() instead of lookup_rec() in\n ftrace_location();\n 3. Call synchronize_rcu() before freeing any ftrace pages both in\n ftrace_process_locs()/ftrace_release_mod()/ftrace_free_mem().(CVE-2024-38588)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\njffs2: prevent xattr node from overflowing the eraseblock\n\nAdd a check to make sure that the requested xattr node size is no larger\nthan the eraseblock minus the cleanmarker.\n\nUnlike the usual inode nodes, the xattr nodes aren't split into parts\nand spread across multiple eraseblocks, which means that a xattr node\nmust not occupy more than one eraseblock. If the requested xattr value is\ntoo large, the xattr node can spill onto the next eraseblock, overwriting\nthe nodes and causing errors such as:\n\njffs2: argh. node added in wrong place at 0x0000b050(2)\njffs2: nextblock 0x0000a000, expected at 0000b00c\njffs2: error: (823) do_verify_xattr_datum: node CRC failed at 0x01e050,\nread=0xfc892c93, calc=0x000000\njffs2: notice: (823) jffs2_get_inode_nodes: Node header CRC failed\nat 0x01e00c. {848f,2fc4,0fef511f,59a3d171}\njffs2: Node at 0x0000000c with length 0x00001044 would run over the\nend of the erase block\njffs2: Perhaps the file system was created with the wrong erase size?\njffs2: jffs2_scan_eraseblock(): Magic bitmask 0x1985 not found\nat 0x00000010: 0x1044 instead\n\nThis breaks the filesystem and can lead to KASAN crashes such as:\n\nBUG: KASAN: slab-out-of-bounds in jffs2_sum_add_kvec+0x125e/0x15d0\nRead of size 4 at addr ffff88802c31e914 by task repro/830\nCPU: 0 PID: 830 Comm: repro Not tainted 6.9.0-rc3+ #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS Arch Linux 1.16.3-1-1 04/01/2014\nCall Trace:\n \n dump_stack_lvl+0xc6/0x120\n print_report+0xc4/0x620\n ? __virt_addr_valid+0x308/0x5b0\n kasan_report+0xc1/0xf0\n ? jffs2_sum_add_kvec+0x125e/0x15d0\n ? jffs2_sum_add_kvec+0x125e/0x15d0\n jffs2_sum_add_kvec+0x125e/0x15d0\n jffs2_flash_direct_writev+0xa8/0xd0\n jffs2_flash_writev+0x9c9/0xef0\n ? __x64_sys_setxattr+0xc4/0x160\n ? do_syscall_64+0x69/0x140\n ? entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.(CVE-2024-38599)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Use variable length array instead of fixed size\n\nShould fix smatch warning:\n\tntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256)(CVE-2024-38623)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Use 64 bit variable to avoid 32 bit overflow\n\nFor example, in the expression:\n\tvbo = 2 * vbo + skip(CVE-2024-38624)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nwatchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger\n\nWhen the cpu5wdt module is removing, the origin code uses del_timer() to\nde-activate the timer. If the timer handler is running, del_timer() could\nnot stop it and will return directly. If the port region is released by\nrelease_region() and then the timer handler cpu5wdt_trigger() calls outb()\nto write into the region that is released, the use-after-free bug will\nhappen.\n\nChange del_timer() to timer_shutdown_sync() in order that the timer handler\ncould be finished before the port region is released.(CVE-2024-38630)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ns390/ap: Fix crash in AP internal function modify_bitmap()\n\nA system crash like this\n\n Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403\n Fault in home space mode while using kernel ASCE.\n AS:00000002d71bc007 R3:00000003fe5b8007 S:000000011a446000 P:000000015660c13d\n Oops: 0038 ilc:3 [#1] PREEMPT SMP\n Modules linked in: mlx5_ib ...\n CPU: 8 PID: 7556 Comm: bash Not tainted 6.9.0-rc7 #8\n Hardware name: IBM 3931 A01 704 (LPAR)\n Krnl PSW : 0704e00180000000 0000014b75e7b606 (ap_parse_bitmap_str+0x10e/0x1f8)\n R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3\n Krnl GPRS: 0000000000000001 ffffffffffffffc0 0000000000000001 00000048f96b75d3\n 000000cb00000100 ffffffffffffffff ffffffffffffffff 000000cb7df6fce0\n 000000cb7df6fce0 00000000ffffffff 000000000000002b 00000048ffffffff\n 000003ff9b2dbc80 200000cb7df6fcd8 0000014bffffffc0 000000cb7df6fbc8\n Krnl Code: 0000014b75e7b5fc: a7840047 brc 8,0000014b75e7b68a\n 0000014b75e7b600: 18b2 lr %r11,%r2\n #0000014b75e7b602: a7f4000a brc 15,0000014b75e7b616\n >0000014b75e7b606: eb22d00000e6 laog %r2,%r2,0(%r13)\n 0000014b75e7b60c: a7680001 lhi %r6,1\n 0000014b75e7b610: 187b lr %r7,%r11\n 0000014b75e7b612: 84960021 brxh %r9,%r6,0000014b75e7b654\n 0000014b75e7b616: 18e9 lr %r14,%r9\n Call Trace:\n [<0000014b75e7b606>] ap_parse_bitmap_str+0x10e/0x1f8\n ([<0000014b75e7b5dc>] ap_parse_bitmap_str+0xe4/0x1f8)\n [<0000014b75e7b758>] apmask_store+0x68/0x140\n [<0000014b75679196>] kernfs_fop_write_iter+0x14e/0x1e8\n [<0000014b75598524>] vfs_write+0x1b4/0x448\n [<0000014b7559894c>] ksys_write+0x74/0x100\n [<0000014b7618a440>] __do_syscall+0x268/0x328\n [<0000014b761a3558>] system_call+0x70/0x98\n INFO: lockdep is turned off.\n Last Breaking-Event-Address:\n [<0000014b75e7b636>] ap_parse_bitmap_str+0x13e/0x1f8\n Kernel panic - not syncing: Fatal exception: panic_on_oops\n\noccured when /sys/bus/ap/a[pq]mask was updated with a relative mask value\n(like +0x10-0x12,+60,-90) with one of the numeric values exceeding INT_MAX.\n\nThe fix is simple: use unsigned long values for the internal variables. The\ncorrect checks are already in place in the function but a simple int for\nthe internal variables was used with the possibility to overflow.(CVE-2024-38661)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\num: Add winch to winch_handlers before registering winch IRQ\n\nRegistering a winch IRQ is racy, an interrupt may occur before the winch is\nadded to the winch_handlers list.\n\nIf that happens, register_winch_irq() adds to that list a winch that is\nscheduled to be (or has already been) freed, causing a panic later in\nwinch_cleanup().\n\nAvoid the race by adding the winch to the winch_handlers list before\nregistering the IRQ, and rolling back if um_request_irq() fails.(CVE-2024-39292)",
"category":"general",
"title":"Description"
},
{
"text":"An update for kernel is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
"category":"general",
"title":"Topic"
},
{
"text":"High",
"category":"general",
"title":"Severity"
},
{
"text":"kernel",
"category":"general",
"title":"Affected Component"
}
],
"publisher":{
"issuing_authority":"openEuler security committee",
"name":"openEuler",
"namespace":"https://www.openeuler.org",
"contact_details":"openeuler-security@openeuler.org",
"category":"vendor"
},
"references":[
{
"summary":"openEuler-SA-2024-1796",
"category":"self",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1796"
},
{
"summary":"CVE-2024-35821",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-35821&packageName=kernel"
},
{
"summary":"CVE-2024-35955",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-35955&packageName=kernel"
},
{
"summary":"CVE-2024-36974",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36974&packageName=kernel"
},
{
"summary":"CVE-2024-37356",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-37356&packageName=kernel"
},
{
"summary":"CVE-2024-38541",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38541&packageName=kernel"
},
{
"summary":"CVE-2024-38556",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38556&packageName=kernel"
},
{
"summary":"CVE-2024-38564",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38564&packageName=kernel"
},
{
"summary":"CVE-2024-38588",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38588&packageName=kernel"
},
{
"summary":"CVE-2024-38599",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38599&packageName=kernel"
},
{
"summary":"CVE-2024-38623",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38623&packageName=kernel"
},
{
"summary":"CVE-2024-38624",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38624&packageName=kernel"
},
{
"summary":"CVE-2024-38630",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38630&packageName=kernel"
},
{
"summary":"CVE-2024-38661",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38661&packageName=kernel"
},
{
"summary":"CVE-2024-39292",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39292&packageName=kernel"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-35821"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-35955"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36974"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37356"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38541"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38556"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38564"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38588"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38599"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38623"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38624"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38630"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38661"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39292"
},
{
"summary":"openEuler-SA-2024-1796 vex file",
"category":"self",
"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openeuler-sa-2024-1796.json"
}
],
"title":"An update for kernel is now available for openEuler-22.03-LTS-SP1",
"tracking":{
"initial_release_date":"2024-07-05T09:21:17+08:00",
"revision_history":[
{
"date":"2024-07-05T09:21:17+08:00",
"summary":"Initial",
"number":"1.0.0"
},
{
"date":"2024-10-31T09:21:17+08:00",
"summary":"final",
"number":"2.0.0"
}
],
"generator":{
"date":"2024-10-31T09:21:17+08:00",
"engine":{
"name":"openEuler CSAF Tool V1.0"
}
},
"current_release_date":"2024-10-31T09:21:17+08:00",
"id":"openEuler-SA-2024-1796",
"version":"2.0.0",
"status":"final"
}
},
"product_tree":{
"branches":[
{
"name":"openEuler",
"category":"vendor",
"branches":[
{
"name":"openEuler",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
},
"product_id":"openEuler-22.03-LTS-SP1",
"name":"openEuler-22.03-LTS-SP1"
},
"name":"openEuler-22.03-LTS-SP1",
"category":"product_version"
}
],
"category":"product_name"
},
{
"name":"aarch64",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
},
"product_id":"kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"name":"kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm"
},
"name":"kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
},
"product_id":"kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"name":"kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm"
},
"name":"kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
},
"product_id":"kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"name":"kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm"
},
"name":"kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
},
"product_id":"kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"name":"kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm"
},
"name":"kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
},
"product_id":"kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"name":"kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm"
},
"name":"kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
},
"product_id":"kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"name":"kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm"
},
"name":"kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
},
"product_id":"kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"name":"kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm"
},
"name":"kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
},
"product_id":"kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"name":"kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm"
},
"name":"kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
},
"product_id":"kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"name":"kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm"
},
"name":"kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
},
"product_id":"perf-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"name":"perf-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm"
},
"name":"perf-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
},
"product_id":"perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"name":"perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm"
},
"name":"perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
},
"product_id":"python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"name":"python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm"
},
"name":"python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
},
"product_id":"python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"name":"python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm"
},
"name":"python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"category":"product_version"
}
],
"category":"architecture"
},
{
"name":"src",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
},
"product_id":"kernel-5.10.0-136.83.0.164.oe2203sp1.src.rpm",
"name":"kernel-5.10.0-136.83.0.164.oe2203sp1.src.rpm"
},
"name":"kernel-5.10.0-136.83.0.164.oe2203sp1.src.rpm",
"category":"product_version"
}
],
"category":"architecture"
},
{
"name":"x86_64",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
},
"product_id":"kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"name":"kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm"
},
"name":"kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
},
"product_id":"kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"name":"kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm"
},
"name":"kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
},
"product_id":"kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"name":"kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm"
},
"name":"kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
},
"product_id":"kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"name":"kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm"
},
"name":"kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
},
"product_id":"kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"name":"kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm"
},
"name":"kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
},
"product_id":"kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"name":"kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm"
},
"name":"kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
},
"product_id":"kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"name":"kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm"
},
"name":"kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
},
"product_id":"kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"name":"kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm"
},
"name":"kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
},
"product_id":"kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"name":"kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm"
},
"name":"kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
},
"product_id":"perf-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"name":"perf-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm"
},
"name":"perf-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
},
"product_id":"perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"name":"perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm"
},
"name":"perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
},
"product_id":"python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"name":"python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm"
},
"name":"python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
},
"product_id":"python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"name":"python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm"
},
"name":"python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"category":"product_version"
}
],
"category":"architecture"
}
]
}
],
"relationships":[
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
"product_reference":"kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"name":"kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
"product_reference":"kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"name":"kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
"product_reference":"kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"name":"kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
"product_reference":"kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"name":"kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
"product_reference":"kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"name":"kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
"product_reference":"kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"name":"kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
"product_reference":"kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"name":"kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
"product_reference":"kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"name":"kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
"product_reference":"kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"name":"kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
"product_reference":"perf-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"name":"perf-5.10.0-136.83.0.164.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
"product_reference":"perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"name":"perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
"product_reference":"python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"name":"python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
"product_reference":"python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"name":"python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
"product_reference":"kernel-5.10.0-136.83.0.164.oe2203sp1.src.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"name":"kernel-5.10.0-136.83.0.164.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
"product_reference":"kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"name":"kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
"product_reference":"kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"name":"kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
"product_reference":"kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"name":"kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
"product_reference":"kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"name":"kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
"product_reference":"kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"name":"kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
"product_reference":"kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"name":"kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
"product_reference":"kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"name":"kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
"product_reference":"kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"name":"kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
"product_reference":"kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"name":"kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
"product_reference":"perf-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"name":"perf-5.10.0-136.83.0.164.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
"product_reference":"perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"name":"perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
"product_reference":"python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"name":"python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
"product_reference":"python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"name":"python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
},
"category":"default_component_of"
}
]
},
"vulnerabilities":[
{
"cve":"CVE-2024-35821",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: Set page uptodate in the correct place\n\nPage cache reads are lockless, so setting the freshly allocated page\nuptodate before we've overwritten it with the data it's supposed to have\nin it will allow a simultaneous reader to see old data. Move the call\nto SetPageUptodate into ubifs_write_end(), which is after we copied the\nnew data into the page.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1796"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-35821"
},
{
"cve":"CVE-2024-35955",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nkprobes: Fix possible use-after-free issue on kprobe registration\n\nWhen unloading a module, its state is changing MODULE_STATE_LIVE ->\n MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take\na time. `is_module_text_address()` and `__module_text_address()`\nworks with MODULE_STATE_LIVE and MODULE_STATE_GOING.\nIf we use `is_module_text_address()` and `__module_text_address()`\nseparately, there is a chance that the first one is succeeded but the\nnext one is failed because module->state becomes MODULE_STATE_UNFORMED\nbetween those operations.\n\nIn `check_kprobe_address_safe()`, if the second `__module_text_address()`\nis failed, that is ignored because it expected a kernel_text address.\nBut it may have failed simply because module->state has been changed\nto MODULE_STATE_UNFORMED. In this case, arm_kprobe() will try to modify\nnon-exist module text address (use-after-free).\n\nTo fix this problem, we should not use separated `is_module_text_address()`\nand `__module_text_address()`, but use only `__module_text_address()`\nonce and do `try_module_get(module)` which is only available with\nMODULE_STATE_LIVE.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1796"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-35955"
},
{
"cve":"CVE-2024-36974",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP\n\nIf one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided,\ntaprio_parse_mqprio_opt() must validate it, or userspace\ncan inject arbitrary data to the kernel, the second time\ntaprio_change() is called.\n\nFirst call (with valid attributes) sets dev->num_tc\nto a non zero value.\n\nSecond call (with arbitrary mqprio attributes)\nreturns early from taprio_parse_mqprio_opt()\nand bad things can happen.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1796"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"LOW",
"baseScore":3.9,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
]
}
],
"threats":[
{
"details":"Low",
"category":"impact"
}
],
"title":"CVE-2024-36974"
},
{
"cve":"CVE-2024-37356",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Fix shift-out-of-bounds in dctcp_update_alpha().\n\nIn dctcp_update_alpha(), we use a module parameter dctcp_shift_g\nas follows:\n\n alpha -= min_not_zero(alpha, alpha >> dctcp_shift_g);\n ...\n delivered_ce <<= (10 - dctcp_shift_g);\n\nIt seems syzkaller started fuzzing module parameters and triggered\nshift-out-of-bounds [0] by setting 100 to dctcp_shift_g:\n\n memcpy((void*)0x20000080,\n \"/sys/module/tcp_dctcp/parameters/dctcp_shift_g\\000\", 47);\n res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x20000080ul,\n /*flags=*/2ul, /*mode=*/0ul);\n memcpy((void*)0x20000000, \"100\\000\", 4);\n syscall(__NR_write, /*fd=*/r[0], /*val=*/0x20000000ul, /*len=*/4ul);\n\nLet's limit the max value of dctcp_shift_g by param_set_uint_minmax().\n\nWith this patch:\n\n # echo 10 > /sys/module/tcp_dctcp/parameters/dctcp_shift_g\n # cat /sys/module/tcp_dctcp/parameters/dctcp_shift_g\n 10\n # echo 11 > /sys/module/tcp_dctcp/parameters/dctcp_shift_g\n -bash: echo: write error: Invalid argument\n\n[0]:\nUBSAN: shift-out-of-bounds in net/ipv4/tcp_dctcp.c:143:12\nshift exponent 100 is too large for 32-bit type 'u32' (aka 'unsigned int')\nCPU: 0 PID: 8083 Comm: syz-executor345 Not tainted 6.9.0-05151-g1b294a1f3561 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.13.0-1ubuntu1.1 04/01/2014\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x201/0x300 lib/dump_stack.c:114\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_shift_out_of_bounds+0x346/0x3a0 lib/ubsan.c:468\n dctcp_update_alpha+0x540/0x570 net/ipv4/tcp_dctcp.c:143\n tcp_in_ack_event net/ipv4/tcp_input.c:3802 [inline]\n tcp_ack+0x17b1/0x3bc0 net/ipv4/tcp_input.c:3948\n tcp_rcv_state_process+0x57a/0x2290 net/ipv4/tcp_input.c:6711\n tcp_v4_do_rcv+0x764/0xc40 net/ipv4/tcp_ipv4.c:1937\n sk_backlog_rcv include/net/sock.h:1106 [inline]\n __release_sock+0x20f/0x350 net/core/sock.c:2983\n release_sock+0x61/0x1f0 net/core/sock.c:3549\n mptcp_subflow_shutdown+0x3d0/0x620 net/mptcp/protocol.c:2907\n mptcp_check_send_data_fin+0x225/0x410 net/mptcp/protocol.c:2976\n __mptcp_close+0x238/0xad0 net/mptcp/protocol.c:3072\n mptcp_close+0x2a/0x1a0 net/mptcp/protocol.c:3127\n inet_release+0x190/0x1f0 net/ipv4/af_inet.c:437\n __sock_release net/socket.c:659 [inline]\n sock_close+0xc0/0x240 net/socket.c:1421\n __fput+0x41b/0x890 fs/file_table.c:422\n task_work_run+0x23b/0x300 kernel/task_work.c:180\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x9c8/0x2540 kernel/exit.c:878\n do_group_exit+0x201/0x2b0 kernel/exit.c:1027\n __do_sys_exit_group kernel/exit.c:1038 [inline]\n __se_sys_exit_group kernel/exit.c:1036 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1036\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xe4/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x67/0x6f\nRIP: 0033:0x7f6c2b5005b6\nCode: Unable to access opcode bytes at 0x7f6c2b50058c.\nRSP: 002b:00007ffe883eb948 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 00007f6c2b5862f0 RCX: 00007f6c2b5005b6\nRDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001\nRBP: 0000000000000001 R08: 00000000000000e7 R09: ffffffffffffffc0\nR10: 0000000000000006 R11: 0000000000000246 R12: 00007f6c2b5862f0\nR13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001\n ",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1796"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-37356"
},
{
"cve":"CVE-2024-38541",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nof: module: add buffer overflow check in of_modalias()\n\nIn of_modalias(), if the buffer happens to be too small even for the 1st\nsnprintf() call, the len parameter will become negative and str parameter\n(if not NULL initially) will point beyond the buffer's end. Add the buffer\noverflow check after the 1st snprintf() call and fix such check after the\nstrlen() call (accounting for the terminating NUL char).",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1796"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38541"
},
{
"cve":"CVE-2024-38556",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Add a timeout to acquire the command queue semaphore\n\nPrevent forced completion handling on an entry that has not yet been\nassigned an index, causing an out of bounds access on idx = -22.\nInstead of waiting indefinitely for the sem, blocking flow now waits for\nindex to be allocated or a sem acquisition timeout before beginning the\ntimer for FW completion.\n\nKernel log example:\nmlx5_core 0000:06:00.0: wait_func_handle_exec_timeout:1128:(pid 185911): cmd[-22]: CREATE_UCTX(0xa04) No done completion",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1796"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38556"
},
{
"cve":"CVE-2024-38564",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE\n\nbpf_prog_attach uses attach_type_to_prog_type to enforce proper\nattach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses\nbpf_prog_get and relies on bpf_prog_attach_check_attach_type\nto properly verify prog_type <> attach_type association.\n\nAdd missing attach_type enforcement for the link_create case.\nOtherwise, it's currently possible to attach cgroup_skb prog\ntypes to other cgroup hooks.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1796"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"HIGH",
"baseScore":7.1,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
]
}
],
"threats":[
{
"details":"High",
"category":"impact"
}
],
"title":"CVE-2024-38564"
},
{
"cve":"CVE-2024-38588",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix possible use-after-free issue in ftrace_location()\n\nKASAN reports a bug:\n\n BUG: KASAN: use-after-free in ftrace_location+0x90/0x120\n Read of size 8 at addr ffff888141d40010 by task insmod/424\n CPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+\n [...]\n Call Trace:\n \n dump_stack_lvl+0x68/0xa0\n print_report+0xcf/0x610\n kasan_report+0xb5/0xe0\n ftrace_location+0x90/0x120\n register_kprobe+0x14b/0xa40\n kprobe_init+0x2d/0xff0 [kprobe_example]\n do_one_initcall+0x8f/0x2d0\n do_init_module+0x13a/0x3c0\n load_module+0x3082/0x33d0\n init_module_from_file+0xd2/0x130\n __x64_sys_finit_module+0x306/0x440\n do_syscall_64+0x68/0x140\n entry_SYSCALL_64_after_hwframe+0x71/0x79\n\nThe root cause is that, in lookup_rec(), ftrace record of some address\nis being searched in ftrace pages of some module, but those ftrace pages\nat the same time is being freed in ftrace_release_mod() as the\ncorresponding module is being deleted:\n\n CPU1 | CPU2\n register_kprobes() { | delete_module() {\n check_kprobe_address_safe() { |\n arch_check_ftrace_location() { |\n ftrace_location() { |\n lookup_rec() // USE! | ftrace_release_mod() // Free!\n\nTo fix this issue:\n 1. Hold rcu lock as accessing ftrace pages in ftrace_location_range();\n 2. Use ftrace_location_range() instead of lookup_rec() in\n ftrace_location();\n 3. Call synchronize_rcu() before freeing any ftrace pages both in\n ftrace_process_locs()/ftrace_release_mod()/ftrace_free_mem().",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1796"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38588"
},
{
"cve":"CVE-2024-38599",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: prevent xattr node from overflowing the eraseblock\n\nAdd a check to make sure that the requested xattr node size is no larger\nthan the eraseblock minus the cleanmarker.\n\nUnlike the usual inode nodes, the xattr nodes aren't split into parts\nand spread across multiple eraseblocks, which means that a xattr node\nmust not occupy more than one eraseblock. If the requested xattr value is\ntoo large, the xattr node can spill onto the next eraseblock, overwriting\nthe nodes and causing errors such as:\n\njffs2: argh. node added in wrong place at 0x0000b050(2)\njffs2: nextblock 0x0000a000, expected at 0000b00c\njffs2: error: (823) do_verify_xattr_datum: node CRC failed at 0x01e050,\nread=0xfc892c93, calc=0x000000\njffs2: notice: (823) jffs2_get_inode_nodes: Node header CRC failed\nat 0x01e00c. {848f,2fc4,0fef511f,59a3d171}\njffs2: Node at 0x0000000c with length 0x00001044 would run over the\nend of the erase block\njffs2: Perhaps the file system was created with the wrong erase size?\njffs2: jffs2_scan_eraseblock(): Magic bitmask 0x1985 not found\nat 0x00000010: 0x1044 instead\n\nThis breaks the filesystem and can lead to KASAN crashes such as:\n\nBUG: KASAN: slab-out-of-bounds in jffs2_sum_add_kvec+0x125e/0x15d0\nRead of size 4 at addr ffff88802c31e914 by task repro/830\nCPU: 0 PID: 830 Comm: repro Not tainted 6.9.0-rc3+ #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS Arch Linux 1.16.3-1-1 04/01/2014\nCall Trace:\n \n dump_stack_lvl+0xc6/0x120\n print_report+0xc4/0x620\n ? __virt_addr_valid+0x308/0x5b0\n kasan_report+0xc1/0xf0\n ? jffs2_sum_add_kvec+0x125e/0x15d0\n ? jffs2_sum_add_kvec+0x125e/0x15d0\n jffs2_sum_add_kvec+0x125e/0x15d0\n jffs2_flash_direct_writev+0xa8/0xd0\n jffs2_flash_writev+0x9c9/0xef0\n ? __x64_sys_setxattr+0xc4/0x160\n ? do_syscall_64+0x69/0x140\n ? entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1796"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"HIGH",
"baseScore":7.1,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
]
}
],
"threats":[
{
"details":"High",
"category":"impact"
}
],
"title":"CVE-2024-38599"
},
{
"cve":"CVE-2024-38623",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Use variable length array instead of fixed size\n\nShould fix smatch warning:\n\tntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256)",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1796"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38623"
},
{
"cve":"CVE-2024-38624",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Use 64 bit variable to avoid 32 bit overflow\n\nFor example, in the expression:\n\tvbo = 2 * vbo + skip",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1796"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38624"
},
{
"cve":"CVE-2024-38630",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwatchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger\n\nWhen the cpu5wdt module is removing, the origin code uses del_timer() to\nde-activate the timer. If the timer handler is running, del_timer() could\nnot stop it and will return directly. If the port region is released by\nrelease_region() and then the timer handler cpu5wdt_trigger() calls outb()\nto write into the region that is released, the use-after-free bug will\nhappen.\n\nChange del_timer() to timer_shutdown_sync() in order that the timer handler\ncould be finished before the port region is released.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1796"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"NONE",
"baseScore":0.0,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
]
}
],
"threats":[
{
"details":"None",
"category":"impact"
}
],
"title":"CVE-2024-38630"
},
{
"cve":"CVE-2024-38661",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ap: Fix crash in AP internal function modify_bitmap()\n\nA system crash like this\n\n Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403\n Fault in home space mode while using kernel ASCE.\n AS:00000002d71bc007 R3:00000003fe5b8007 S:000000011a446000 P:000000015660c13d\n Oops: 0038 ilc:3 [#1] PREEMPT SMP\n Modules linked in: mlx5_ib ...\n CPU: 8 PID: 7556 Comm: bash Not tainted 6.9.0-rc7 #8\n Hardware name: IBM 3931 A01 704 (LPAR)\n Krnl PSW : 0704e00180000000 0000014b75e7b606 (ap_parse_bitmap_str+0x10e/0x1f8)\n R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3\n Krnl GPRS: 0000000000000001 ffffffffffffffc0 0000000000000001 00000048f96b75d3\n 000000cb00000100 ffffffffffffffff ffffffffffffffff 000000cb7df6fce0\n 000000cb7df6fce0 00000000ffffffff 000000000000002b 00000048ffffffff\n 000003ff9b2dbc80 200000cb7df6fcd8 0000014bffffffc0 000000cb7df6fbc8\n Krnl Code: 0000014b75e7b5fc: a7840047 brc 8,0000014b75e7b68a\n 0000014b75e7b600: 18b2 lr %r11,%r2\n #0000014b75e7b602: a7f4000a brc 15,0000014b75e7b616\n >0000014b75e7b606: eb22d00000e6 laog %r2,%r2,0(%r13)\n 0000014b75e7b60c: a7680001 lhi %r6,1\n 0000014b75e7b610: 187b lr %r7,%r11\n 0000014b75e7b612: 84960021 brxh %r9,%r6,0000014b75e7b654\n 0000014b75e7b616: 18e9 lr %r14,%r9\n Call Trace:\n [<0000014b75e7b606>] ap_parse_bitmap_str+0x10e/0x1f8\n ([<0000014b75e7b5dc>] ap_parse_bitmap_str+0xe4/0x1f8)\n [<0000014b75e7b758>] apmask_store+0x68/0x140\n [<0000014b75679196>] kernfs_fop_write_iter+0x14e/0x1e8\n [<0000014b75598524>] vfs_write+0x1b4/0x448\n [<0000014b7559894c>] ksys_write+0x74/0x100\n [<0000014b7618a440>] __do_syscall+0x268/0x328\n [<0000014b761a3558>] system_call+0x70/0x98\n INFO: lockdep is turned off.\n Last Breaking-Event-Address:\n [<0000014b75e7b636>] ap_parse_bitmap_str+0x13e/0x1f8\n Kernel panic - not syncing: Fatal exception: panic_on_oops\n\noccured when /sys/bus/ap/a[pq]mask was updated with a relative mask value\n(like +0x10-0x12,+60,-90) with one of the numeric values exceeding INT_MAX.\n\nThe fix is simple: use unsigned long values for the internal variables. The\ncorrect checks are already in place in the function but a simple int for\nthe internal variables was used with the possibility to overflow.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1796"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38661"
},
{
"cve":"CVE-2024-39292",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\num: Add winch to winch_handlers before registering winch IRQ\n\nRegistering a winch IRQ is racy, an interrupt may occur before the winch is\nadded to the winch_handlers list.\n\nIf that happens, register_winch_irq() adds to that list a winch that is\nscheduled to be (or has already been) freed, causing a panic later in\nwinch_cleanup().\n\nAvoid the race by adding the winch to the winch_handlers list before\nregistering the IRQ, and rolling back if um_request_irq() fails.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1796"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.aarch64",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.src",
"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.83.0.164.oe2203sp1.x86_64",
"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.83.0.164.oe2203sp1.x86_64"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-39292"
}
]
}