{
"document":{
"aggregate_severity":{
"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
"text":"High"
},
"category":"csaf_vex",
"csaf_version":"2.0",
"distribution":{
"tlp":{
"label":"WHITE",
"url":"https:/www.first.org/tlp/"
}
},
"lang":"en",
"notes":[
{
"text":"kernel security update",
"category":"general",
"title":"Synopsis"
},
{
"text":"An update for kernel is now available for openEuler-22.03-LTS-SP4",
"category":"general",
"title":"Summary"
},
{
"text":"The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Prevent use after free on completion memory\n\nOn driver unload any pending descriptors are flushed at the\ntime the interrupt is freed:\nidxd_dmaengine_drv_remove() ->\n\tdrv_disable_wq() ->\n\t\tidxd_wq_free_irq() ->\n\t\t\tidxd_flush_pending_descs().\n\nIf there are any descriptors present that need to be flushed this\nflow triggers a \"not present\" page fault as below:\n\n BUG: unable to handle page fault for address: ff391c97c70c9040\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n\nThe address that triggers the fault is the address of the\ndescriptor that was freed moments earlier via:\ndrv_disable_wq()->idxd_wq_free_resources()\n\nFix the use after free by freeing the descriptors after any possible\nusage. This is done after idxd_wq_reset() to ensure that the memory\nremains accessible during possible completion writes by the device.(CVE-2022-48867)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Remove rcu locks from user resources\n\nUser resource lookups used rcu to avoid two extra atomics. Unfortunately\nthe rcu paths were buggy and it was easy to make the driver crash by\nsubmitting command buffers from two different threads. Because the\nlookups never show up in performance profiles replace them with a\nregular spin lock which fixes the races in accesses to those shared\nresources.\n\nFixes kernel oops'es in IGT's vmwgfx execution_buffer stress test and\nseen crashes with apps using shared resources.(CVE-2022-48887)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not start relocation until in progress drops are done\n\nWe hit a bug with a recovering relocation on mount for one of our file\nsystems in production. I reproduced this locally by injecting errors\ninto snapshot delete with balance running at the same time. This\npresented as an error while looking up an extent item\n\n WARNING: CPU: 5 PID: 1501 at fs/btrfs/extent-tree.c:866 lookup_inline_extent_backref+0x647/0x680\n CPU: 5 PID: 1501 Comm: btrfs-balance Not tainted 5.16.0-rc8+ #8\n RIP: 0010:lookup_inline_extent_backref+0x647/0x680\n RSP: 0018:ffffae0a023ab960 EFLAGS: 00010202\n RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000000000000000\n RBP: ffff943fd2a39b60 R08: 0000000000000000 R09: 0000000000000001\n R10: 0001434088152de0 R11: 0000000000000000 R12: 0000000001d05000\n R13: ffff943fd2a39b60 R14: ffff943fdb96f2a0 R15: ffff9442fc923000\n FS: 0000000000000000(0000) GS:ffff944e9eb40000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f1157b1fca8 CR3: 000000010f092000 CR4: 0000000000350ee0\n Call Trace:\n \n insert_inline_extent_backref+0x46/0xd0\n __btrfs_inc_extent_ref.isra.0+0x5f/0x200\n ? btrfs_merge_delayed_refs+0x164/0x190\n __btrfs_run_delayed_refs+0x561/0xfa0\n ? btrfs_search_slot+0x7b4/0xb30\n ? btrfs_update_root+0x1a9/0x2c0\n btrfs_run_delayed_refs+0x73/0x1f0\n ? btrfs_update_root+0x1a9/0x2c0\n btrfs_commit_transaction+0x50/0xa50\n ? btrfs_update_reloc_root+0x122/0x220\n prepare_to_merge+0x29f/0x320\n relocate_block_group+0x2b8/0x550\n btrfs_relocate_block_group+0x1a6/0x350\n btrfs_relocate_chunk+0x27/0xe0\n btrfs_balance+0x777/0xe60\n balance_kthread+0x35/0x50\n ? btrfs_balance+0xe60/0xe60\n kthread+0x16b/0x190\n ? set_kthread_struct+0x40/0x40\n ret_from_fork+0x22/0x30\n \n\nNormally snapshot deletion and relocation are excluded from running at\nthe same time by the fs_info->cleaner_mutex. However if we had a\npending balance waiting to get the ->cleaner_mutex, and a snapshot\ndeletion was running, and then the box crashed, we would come up in a\nstate where we have a half deleted snapshot.\n\nAgain, in the normal case the snapshot deletion needs to complete before\nrelocation can start, but in this case relocation could very well start\nbefore the snapshot deletion completes, as we simply add the root to the\ndead roots list and wait for the next time the cleaner runs to clean up\nthe snapshot.\n\nFix this by setting a bit on the fs_info if we have any DEAD_ROOT's that\nhad a pending drop_progress key. If they do then we know we were in the\nmiddle of the drop operation and set a flag on the fs_info. Then\nbalance can wait until this flag is cleared to start up again.\n\nIf there are DEAD_ROOT's that don't have a drop_progress set then we're\nsafe to start balance right away as we'll be properly protected by the\ncleaner_mutex.(CVE-2022-48901)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not WARN_ON() if we have PageError set\n\nWhenever we do any extent buffer operations we call\nassert_eb_page_uptodate() to complain loudly if we're operating on an\nnon-uptodate page. Our overnight tests caught this warning earlier this\nweek\n\n WARNING: CPU: 1 PID: 553508 at fs/btrfs/extent_io.c:6849 assert_eb_page_uptodate+0x3f/0x50\n CPU: 1 PID: 553508 Comm: kworker/u4:13 Tainted: G W 5.17.0-rc3+ #564\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 04/01/2014\n Workqueue: btrfs-cache btrfs_work_helper\n RIP: 0010:assert_eb_page_uptodate+0x3f/0x50\n RSP: 0018:ffffa961440a7c68 EFLAGS: 00010246\n RAX: 0017ffffc0002112 RBX: ffffe6e74453f9c0 RCX: 0000000000001000\n RDX: ffffe6e74467c887 RSI: ffffe6e74453f9c0 RDI: ffff8d4c5efc2fc0\n RBP: 0000000000000d56 R08: ffff8d4d4a224000 R09: 0000000000000000\n R10: 00015817fa9d1ef0 R11: 000000000000000c R12: 00000000000007b1\n R13: ffff8d4c5efc2fc0 R14: 0000000001500000 R15: 0000000001cb1000\n FS: 0000000000000000(0000) GS:ffff8d4dbbd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ff31d3448d8 CR3: 0000000118be8004 CR4: 0000000000370ee0\n Call Trace:\n\n extent_buffer_test_bit+0x3f/0x70\n free_space_test_bit+0xa6/0xc0\n load_free_space_tree+0x1f6/0x470\n caching_thread+0x454/0x630\n ? rcu_read_lock_sched_held+0x12/0x60\n ? rcu_read_lock_sched_held+0x12/0x60\n ? rcu_read_lock_sched_held+0x12/0x60\n ? lock_release+0x1f0/0x2d0\n btrfs_work_helper+0xf2/0x3e0\n ? lock_release+0x1f0/0x2d0\n ? finish_task_switch.isra.0+0xf9/0x3a0\n process_one_work+0x26d/0x580\n ? process_one_work+0x580/0x580\n worker_thread+0x55/0x3b0\n ? process_one_work+0x580/0x580\n kthread+0xf0/0x120\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x1f/0x30\n\nThis was partially fixed by c2e39305299f01 (\"btrfs: clear extent buffer\nuptodate when we fail to write it\"), however all that fix did was keep\nus from finding extent buffers after a failed writeout. It didn't keep\nus from continuing to use a buffer that we already had found.\n\nIn this case we're searching the commit root to cache the block group,\nso we can start committing the transaction and switch the commit root\nand then start writing. After the switch we can look up an extent\nbuffer that hasn't been written yet and start processing that block\ngroup. Then we fail to write that block out and clear Uptodate on the\npage, and then we start spewing these errors.\n\nNormally we're protected by the tree lock to a certain degree here. If\nwe read a block we have that block read locked, and we block the writer\nfrom locking the block before we submit it for the write. However this\nisn't necessarily fool proof because the read could happen before we do\nthe submit_bio and after we locked and unlocked the extent buffer.\n\nAlso in this particular case we have path->skip_locking set, so that\nwon't save us here. We'll simply get a block that was valid when we\nread it, but became invalid while we were using it.\n\nWhat we really want is to catch the case where we've \"read\" a block but\nit's not marked Uptodate. On read we ClearPageError(), so if we're\n!Uptodate and !Error we know we didn't do the right thing for reading\nthe page.\n\nFix this by checking !Uptodate && !Error, this way we will not complain\nif our buffer gets invalidated while we're using it, and we'll maintain\nthe spirit of the check which is to make sure we have a fully in-cache\nblock while we're messing with it.(CVE-2022-48902)\n\nntfs3 in the Linux kernel through 6.8.0 allows a physically proximate attacker to read kernel memory by mounting a filesystem (e.g., if a Linux distribution is configured to allow unprivileged mounts of removable media) and then leveraging local access to trigger an out-of-bounds read. A length value can be larger than the amount of memory allocated. NOTE: the supplier's perspective is that there is no vulnerability when an attack requires an attacker-modified filesystem image.(CVE-2023-45896)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again\"\n\nPatch series \"mm: Avoid possible overflows in dirty throttling\".\n\nDirty throttling logic assumes dirty limits in page units fit into\n32-bits. This patch series makes sure this is true (see patch 2/2 for\nmore details).\n\n\nThis patch (of 2):\n\nThis reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78.\n\nThe commit is broken in several ways. Firstly, the removed (u64) cast\nfrom the multiplication will introduce a multiplication overflow on 32-bit\narchs if wb_thresh * bg_thresh >= 1<<32 (which is actually common - the\ndefault settings with 4GB of RAM will trigger this). Secondly, the\ndiv64_u64() is unnecessarily expensive on 32-bit archs. We have\ndiv64_ul() in case we want to be safe & cheap. Thirdly, if dirty\nthresholds are larger than 1<<32 pages, then dirty balancing is going to\nblow up in many other spectacular ways anyway so trying to fix one\npossible overflow is just moot.(CVE-2024-42102)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: add missing condition check for existence of mapped data\n\nnvme_map_data() is called when request has physical segments, hence\nthe nvme_unmap_data() should have same condition to avoid dereference.(CVE-2024-42276)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()\n\nSyzbot reports uninitialized value access issue as below:\n\nloop0: detected capacity change from 0 to 64\n=====================================================\nBUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n d_revalidate fs/namei.c:862 [inline]\n lookup_fast+0x89e/0x8e0 fs/namei.c:1649\n walk_component fs/namei.c:2001 [inline]\n link_path_walk+0x817/0x1480 fs/namei.c:2332\n path_lookupat+0xd9/0x6f0 fs/namei.c:2485\n filename_lookup+0x22e/0x740 fs/namei.c:2515\n user_path_at_empty+0x8b/0x390 fs/namei.c:2924\n user_path_at include/linux/namei.h:57 [inline]\n do_mount fs/namespace.c:3689 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x66b/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x140 fs/namespace.c:3875\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nBUG: KMSAN: uninit-value in hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\nBUG: KMSAN: uninit-value in hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\n hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n block_read_full_folio+0x4ff/0x11b0 fs/buffer.c:2271\n hfs_read_folio+0x55/0x60 fs/hfs/inode.c:39\n filemap_read_folio+0x148/0x4f0 mm/filemap.c:2426\n do_read_cache_folio+0x7c8/0xd90 mm/filemap.c:3553\n do_read_cache_page mm/filemap.c:3595 [inline]\n read_cache_page+0xfb/0x2f0 mm/filemap.c:3604\n read_mapping_page include/linux/pagemap.h:755 [inline]\n hfs_btree_open+0x928/0x1ae0 fs/hfs/btree.c:78\n hfs_mdb_get+0x260c/0x3000 fs/hfs/mdb.c:204\n hfs_fill_super+0x1fb1/0x2790 fs/hfs/super.c:406\n mount_bdev+0x628/0x920 fs/super.c:1359\n hfs_mount+0xcd/0xe0 fs/hfs/super.c:456\n legacy_get_tree+0x167/0x2e0 fs/fs_context.c:610\n vfs_get_tree+0xdc/0x5d0 fs/super.c:1489\n do_new_mount+0x7a9/0x16f0 fs/namespace.c:3145\n path_mount+0xf98/0x26a0 fs/namespace.c:3475\n do_mount fs/namespace.c:3488 [inline]\n __do_sys_mount fs/namespace.c:3697 [inline]\n __se_sys_mount+0x919/0x9e0 fs/namespace.c:3674\n __ia32_sys_mount+0x15b/0x1b0 fs/namespace.c:3674\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\nUninit was created at:\n __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n alloc_slab_page mm/slub.c:2190 [inline]\n allocate_slab mm/slub.c:2354 [inline]\n new_slab+0x2d7/0x1400 mm/slub.c:2407\n ___slab_alloc+0x16b5/0x3970 mm/slub.c:3540\n __slab_alloc mm/slub.c:3625 [inline]\n __slab_alloc_node mm/slub.c:3678 [inline]\n slab_alloc_node mm/slub.c:3850 [inline]\n kmem_cache_alloc_lru+0x64d/0xb30 mm/slub.c:3879\n alloc_inode_sb include/linux/fs.h:3018 [inline]\n hfs_alloc_inode+0x5a/0xc0 fs/hfs/super.c:165\n alloc_inode+0x83/0x440 fs/inode.c:260\n new_inode_pseudo fs/inode.c:1005 [inline]\n new_inode+0x38/0x4f0 fs/inode.c:1031\n hfs_new_inode+0x61/0x1010 fs/hfs/inode.c:186\n hfs_mkdir+0x54/0x250 fs/hfs/dir.c:228\n vfs_mkdir+0x49a/0x700 fs/namei.c:4126\n do_mkdirat+0x529/0x810 fs/namei.c:4149\n __do_sys_mkdirat fs/namei.c:4164 [inline]\n __se_sys_mkdirat fs/namei.c:4162 [inline]\n __x64_sys_mkdirat+0xc8/0x120 fs/namei.c:4162\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nIt missed to initialize .tz_secondswest, .cached_start and .cached_blocks\nfields in struct hfs_inode_info after hfs_alloc_inode(), fix it.(CVE-2024-42311)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pdr: protect locator_addr with the main mutex\n\nIf the service locator server is restarted fast enough, the PDR can\nrewrite locator_addr fields concurrently. Protect them by placing\nmodification of those fields under the main pdr->lock.(CVE-2024-43849)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndma: fix call order in dmam_free_coherent\n\ndmam_free_coherent() frees a DMA allocation, which makes the\nfreed vaddr available for reuse, then calls devres_destroy()\nto remove and free the data structure used to track the DMA\nallocation. Between the two calls, it is possible for a\nconcurrent task to make an allocation with the same vaddr\nand add it to the devres list.\n\nIf this happens, there will be two entries in the devres list\nwith the same vaddr and devres_destroy() can free the wrong\nentry, triggering the WARN_ON() in dmam_match.\n\nFix by destroying the devres entry before freeing the DMA\nallocation.\n\n kokonut //net/encryption\n http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03(CVE-2024-43856)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null pointer deref in dcn20_resource.c\n\nFixes a hang thats triggered when MPV is run on a DCN401 dGPU:\n\nmpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all\n\nand then enabling fullscreen playback (double click on the video)\n\nThe following calltrace will be seen:\n\n[ 181.843989] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 181.843997] #PF: supervisor instruction fetch in kernel mode\n[ 181.844003] #PF: error_code(0x0010) - not-present page\n[ 181.844009] PGD 0 P4D 0\n[ 181.844020] Oops: 0010 [#1] PREEMPT SMP NOPTI\n[ 181.844028] CPU: 6 PID: 1892 Comm: gnome-shell Tainted: G W OE 6.5.0-41-generic #41~22.04.2-Ubuntu\n[ 181.844038] Hardware name: System manufacturer System Product Name/CROSSHAIR VI HERO, BIOS 6302 10/23/2018\n[ 181.844044] RIP: 0010:0x0\n[ 181.844079] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[ 181.844084] RSP: 0018:ffffb593c2b8f7b0 EFLAGS: 00010246\n[ 181.844093] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000004\n[ 181.844099] RDX: ffffb593c2b8f804 RSI: ffffb593c2b8f7e0 RDI: ffff9e3c8e758400\n[ 181.844105] RBP: ffffb593c2b8f7b8 R08: ffffb593c2b8f9c8 R09: ffffb593c2b8f96c\n[ 181.844110] R10: 0000000000000000 R11: 0000000000000000 R12: ffffb593c2b8f9c8\n[ 181.844115] R13: 0000000000000001 R14: ffff9e3c88000000 R15: 0000000000000005\n[ 181.844121] FS: 00007c6e323bb5c0(0000) GS:ffff9e3f85f80000(0000) knlGS:0000000000000000\n[ 181.844128] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 181.844134] CR2: ffffffffffffffd6 CR3: 0000000140fbe000 CR4: 00000000003506e0\n[ 181.844141] Call Trace:\n[ 181.844146] \n[ 181.844153] ? show_regs+0x6d/0x80\n[ 181.844167] ? __die+0x24/0x80\n[ 181.844179] ? page_fault_oops+0x99/0x1b0\n[ 181.844192] ? do_user_addr_fault+0x31d/0x6b0\n[ 181.844204] ? exc_page_fault+0x83/0x1b0\n[ 181.844216] ? asm_exc_page_fault+0x27/0x30\n[ 181.844237] dcn20_get_dcc_compression_cap+0x23/0x30 [amdgpu]\n[ 181.845115] amdgpu_dm_plane_validate_dcc.constprop.0+0xe5/0x180 [amdgpu]\n[ 181.845985] amdgpu_dm_plane_fill_plane_buffer_attributes+0x300/0x580 [amdgpu]\n[ 181.846848] fill_dc_plane_info_and_addr+0x258/0x350 [amdgpu]\n[ 181.847734] fill_dc_plane_attributes+0x162/0x350 [amdgpu]\n[ 181.848748] dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[ 181.849791] ? dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[ 181.850840] amdgpu_dm_atomic_check+0xdfe/0x1760 [amdgpu](CVE-2024-43899)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules\n\nCheck the pointer value to fix potential null pointer\ndereference(CVE-2024-43907)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5: avoid BUG_ON() while continue reshape after reassembling\n\nCurrently, mdadm support --revert-reshape to abort the reshape while\nreassembling, as the test 07revert-grow. However, following BUG_ON()\ncan be triggerred by the test:\n\nkernel BUG at drivers/md/raid5.c:6278!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nirq event stamp: 158985\nCPU: 6 PID: 891 Comm: md0_reshape Not tainted 6.9.0-03335-g7592a0b0049a #94\nRIP: 0010:reshape_request+0x3f1/0xe60\nCall Trace:\n \n raid5_sync_request+0x43d/0x550\n md_do_sync+0xb7a/0x2110\n md_thread+0x294/0x2b0\n kthread+0x147/0x1c0\n ret_from_fork+0x59/0x70\n ret_from_fork_asm+0x1a/0x30\n \n\nRoot cause is that --revert-reshape update the raid_disks from 5 to 4,\nwhile reshape position is still set, and after reassembling the array,\nreshape position will be read from super block, then during reshape the\nchecking of 'writepos' that is caculated by old reshape position will\nfail.\n\nFix this panic the easy way first, by converting the BUG_ON() to\nWARN_ON(), and stop the reshape if checkings fail.\n\nNoted that mdadm must fix --revert-shape as well, and probably md/raid\nshould enhance metadata validation as well, however this means\nreassemble will fail and there must be user tools to fix the wrong\nmetadata.(CVE-2024-43914)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nsctp: Fix null-ptr-deref in reuseport_add_sock().\n\nsyzbot reported a null-ptr-deref while accessing sk2->sk_reuseport_cb in\nreuseport_add_sock(). [0]\n\nThe repro first creates a listener with SO_REUSEPORT. Then, it creates\nanother listener on the same port and concurrently closes the first\nlistener.\n\nThe second listen() calls reuseport_add_sock() with the first listener as\nsk2, where sk2->sk_reuseport_cb is not expected to be cleared concurrently,\nbut the close() does clear it by reuseport_detach_sock().\n\nThe problem is SCTP does not properly synchronise reuseport_alloc(),\nreuseport_add_sock(), and reuseport_detach_sock().\n\nThe caller of reuseport_alloc() and reuseport_{add,detach}_sock() must\nprovide synchronisation for sockets that are classified into the same\nreuseport group.\n\nOtherwise, such sockets form multiple identical reuseport groups, and\nall groups except one would be silently dead.\n\n 1. Two sockets call listen() concurrently\n 2. No socket in the same group found in sctp_ep_hashtable[]\n 3. Two sockets call reuseport_alloc() and form two reuseport groups\n 4. Only one group hit first in __sctp_rcv_lookup_endpoint() receives\n incoming packets\n\nAlso, the reported null-ptr-deref could occur.\n\nTCP/UDP guarantees that would not happen by holding the hash bucket lock.\n\nLet's apply the locking strategy to __sctp_hash_endpoint() and\n__sctp_unhash_endpoint().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\nCPU: 1 UID: 0 PID: 10230 Comm: syz-executor119 Not tainted 6.10.0-syzkaller-12585-g301927d2d2eb #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024\nRIP: 0010:reuseport_add_sock+0x27e/0x5e0 net/core/sock_reuseport.c:350\nCode: 00 0f b7 5d 00 bf 01 00 00 00 89 de e8 1b a4 ff f7 83 fb 01 0f 85 a3 01 00 00 e8 6d a0 ff f7 49 8d 7e 12 48 89 f8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 4b 02 00 00 41 0f b7 5e 12 49 8d 7e 14\nRSP: 0018:ffffc9000b947c98 EFLAGS: 00010202\nRAX: 0000000000000002 RBX: ffff8880252ddf98 RCX: ffff888079478000\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000012\nRBP: 0000000000000001 R08: ffffffff8993e18d R09: 1ffffffff1fef385\nR10: dffffc0000000000 R11: fffffbfff1fef386 R12: ffff8880252ddac0\nR13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f24e45b96c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffcced5f7b8 CR3: 00000000241be000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n __sctp_hash_endpoint net/sctp/input.c:762 [inline]\n sctp_hash_endpoint+0x52a/0x600 net/sctp/input.c:790\n sctp_listen_start net/sctp/socket.c:8570 [inline]\n sctp_inet_listen+0x767/0xa20 net/sctp/socket.c:8625\n __sys_listen_socket net/socket.c:1883 [inline]\n __sys_listen+0x1b7/0x230 net/socket.c:1894\n __do_sys_listen net/socket.c:1902 [inline]\n __se_sys_listen net/socket.c:1900 [inline]\n __x64_sys_listen+0x5a/0x70 net/socket.c:1900\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f24e46039b9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f24e45b9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000032\nRAX: ffffffffffffffda RBX: 00007f24e468e428 RCX: 00007f24e46039b9\nRDX: 00007f24e46039b9 RSI: 0000000000000003 RDI: 0000000000000004\nRBP: 00007f24e468e420 R08: 00007f24e45b96c0 R09: 00007f24e45b96c0\nR10: 00007f24e45b96c0 R11: 0000000000000246 R12: 00007f24e468e42c\nR13:\n---truncated---(CVE-2024-44935)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nfuse: Initialize beyond-EOF page contents before setting uptodate\n\nfuse_notify_store(), unlike fuse_do_readpage(), does not enable page\nzeroing (because it can be used to change partial page contents).\n\nSo fuse_notify_store() must be more careful to fully initialize page\ncontents (including parts of the page that are beyond end-of-file)\nbefore marking the page uptodate.\n\nThe current code can leave beyond-EOF page contents uninitialized, which\nmakes these uninitialized page contents visible to userspace via mmap().\n\nThis is an information leak, but only affects systems which do not\nenable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the\ncorresponding kernel command line parameter).(CVE-2024-44947)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()\n\nbcm_sf2_mdio_register() calls of_phy_find_device() and then\nphy_device_remove() in a loop to remove existing PHY devices.\nof_phy_find_device() eventually calls bus_find_device(), which calls\nget_device() on the returned struct device * to increment the refcount.\nThe current implementation does not decrement the refcount, which causes\nmemory leak.\n\nThis commit adds the missing phy_device_free() call to decrement the\nrefcount via put_device() to balance the refcount.(CVE-2024-44971)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.(CVE-2024-44974)",
"category":"general",
"title":"Description"
},
{
"text":"An update for kernel is now available for openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
"category":"general",
"title":"Topic"
},
{
"text":"High",
"category":"general",
"title":"Severity"
},
{
"text":"kernel",
"category":"general",
"title":"Affected Component"
}
],
"publisher":{
"issuing_authority":"openEuler security committee",
"name":"openEuler",
"namespace":"https://www.openeuler.org",
"contact_details":"openeuler-security@openeuler.org",
"category":"vendor"
},
"references":[
{
"summary":"openEuler-SA-2024-2125",
"category":"self",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2125"
},
{
"summary":"CVE-2022-48867",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48867&packageName=kernel"
},
{
"summary":"CVE-2022-48887",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48887&packageName=kernel"
},
{
"summary":"CVE-2022-48901",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48901&packageName=kernel"
},
{
"summary":"CVE-2022-48902",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48902&packageName=kernel"
},
{
"summary":"CVE-2023-45896",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-45896&packageName=kernel"
},
{
"summary":"CVE-2024-42102",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-42102&packageName=kernel"
},
{
"summary":"CVE-2024-42276",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-42276&packageName=kernel"
},
{
"summary":"CVE-2024-42311",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-42311&packageName=kernel"
},
{
"summary":"CVE-2024-43849",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-43849&packageName=kernel"
},
{
"summary":"CVE-2024-43856",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-43856&packageName=kernel"
},
{
"summary":"CVE-2024-43899",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-43899&packageName=kernel"
},
{
"summary":"CVE-2024-43907",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-43907&packageName=kernel"
},
{
"summary":"CVE-2024-43914",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-43914&packageName=kernel"
},
{
"summary":"CVE-2024-44935",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-44935&packageName=kernel"
},
{
"summary":"CVE-2024-44947",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-44947&packageName=kernel"
},
{
"summary":"CVE-2024-44971",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-44971&packageName=kernel"
},
{
"summary":"CVE-2024-44974",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-44974&packageName=kernel"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48867"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48887"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48901"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48902"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45896"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42102"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42276"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42311"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43849"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43856"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43899"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43907"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43914"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-44935"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-44947"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-44971"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-44974"
},
{
"summary":"openEuler-SA-2024-2125 vex file",
"category":"self",
"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openeuler-sa-2024-2125.json"
}
],
"title":"An update for kernel is now available for openEuler-22.03-LTS-SP4",
"tracking":{
"initial_release_date":"2024-09-14T20:21:44+08:00",
"revision_history":[
{
"date":"2024-09-14T20:21:44+08:00",
"summary":"Initial",
"number":"1.0.0"
}
],
"generator":{
"date":"2024-09-14T20:21:44+08:00",
"engine":{
"name":"openEuler CSAF Tool V1.0"
}
},
"current_release_date":"2024-09-14T20:21:44+08:00",
"id":"openEuler-SA-2024-2125",
"version":"1.0.0",
"status":"final"
}
},
"product_tree":{
"branches":[
{
"name":"openEuler",
"category":"vendor",
"branches":[
{
"name":"openEuler",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"openEuler-22.03-LTS-SP4",
"name":"openEuler-22.03-LTS-SP4"
},
"name":"openEuler-22.03-LTS-SP4",
"category":"product_version"
}
],
"category":"product_name"
},
{
"name":"aarch64",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"name":"bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm"
},
"name":"bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"name":"bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm"
},
"name":"bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"name":"kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm"
},
"name":"kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"name":"kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm"
},
"name":"kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"name":"kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm"
},
"name":"kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"name":"kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm"
},
"name":"kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"name":"kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm"
},
"name":"kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"name":"kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm"
},
"name":"kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"name":"kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm"
},
"name":"kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"name":"kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm"
},
"name":"kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"name":"kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm"
},
"name":"kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"perf-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"name":"perf-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm"
},
"name":"perf-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"name":"perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm"
},
"name":"perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"name":"python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm"
},
"name":"python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"name":"python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm"
},
"name":"python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"category":"product_version"
}
],
"category":"architecture"
},
{
"name":"x86_64",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"name":"bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm"
},
"name":"bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"name":"bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm"
},
"name":"bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"name":"kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm"
},
"name":"kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"name":"kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm"
},
"name":"kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"name":"kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm"
},
"name":"kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"name":"kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm"
},
"name":"kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"name":"kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm"
},
"name":"kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"name":"kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm"
},
"name":"kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"name":"kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm"
},
"name":"kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"name":"kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm"
},
"name":"kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"name":"kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm"
},
"name":"kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"perf-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"name":"perf-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm"
},
"name":"perf-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"name":"perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm"
},
"name":"perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"name":"python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm"
},
"name":"python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"name":"python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm"
},
"name":"python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"category":"product_version"
}
],
"category":"architecture"
},
{
"name":"src",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-5.10.0-228.0.0.127.oe2203sp4.src.rpm",
"name":"kernel-5.10.0-228.0.0.127.oe2203sp4.src.rpm"
},
"name":"kernel-5.10.0-228.0.0.127.oe2203sp4.src.rpm",
"category":"product_version"
}
],
"category":"architecture"
}
]
}
],
"relationships":[
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"name":"bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"name":"bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"name":"kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"name":"kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"name":"kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"name":"kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"name":"kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"name":"kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"name":"kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"name":"kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"name":"kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"perf-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"name":"perf-5.10.0-228.0.0.127.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"name":"perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"name":"python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"name":"python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"name":"bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"name":"bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"name":"kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"name":"kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"name":"kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"name":"kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"name":"kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"name":"kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"name":"kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"name":"kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"name":"kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"perf-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"name":"perf-5.10.0-228.0.0.127.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"name":"perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"name":"python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"name":"python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-5.10.0-228.0.0.127.oe2203sp4.src.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src",
"name":"kernel-5.10.0-228.0.0.127.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
}
]
},
"vulnerabilities":[
{
"cve":"CVE-2022-48867",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Prevent use after free on completion memory\n\nOn driver unload any pending descriptors are flushed at the\ntime the interrupt is freed:\nidxd_dmaengine_drv_remove() ->\n\tdrv_disable_wq() ->\n\t\tidxd_wq_free_irq() ->\n\t\t\tidxd_flush_pending_descs().\n\nIf there are any descriptors present that need to be flushed this\nflow triggers a \"not present\" page fault as below:\n\n BUG: unable to handle page fault for address: ff391c97c70c9040\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n\nThe address that triggers the fault is the address of the\ndescriptor that was freed moments earlier via:\ndrv_disable_wq()->idxd_wq_free_resources()\n\nFix the use after free by freeing the descriptors after any possible\nusage. This is done after idxd_wq_reset() to ensure that the memory\nremains accessible during possible completion writes by the device.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2125"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":6.4,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2022-48867"
},
{
"cve":"CVE-2022-48887",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:drm/vmwgfx: Remove rcu locks from user resourcesUser resource lookups used rcu to avoid two extra atomics. Unfortunatelythe rcu paths were buggy and it was easy to make the driver crash bysubmitting command buffers from two different threads. Because thelookups never show up in performance profiles replace them with aregular spin lock which fixes the races in accesses to those sharedresources.Fixes kernel oops es in IGT s vmwgfx execution_buffer stress test andseen crashes with apps using shared resources.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2125"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2022-48887"
},
{
"cve":"CVE-2022-48901",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:btrfs: do not start relocation until in progress drops are doneWe hit a bug with a recovering relocation on mount for one of our filesystems in production. I reproduced this locally by injecting errorsinto snapshot delete with balance running at the same time. Thispresented as an error while looking up an extent item WARNING: CPU: 5 PID: 1501 at fs/btrfs/extent-tree.c:866 lookup_inline_extent_backref+0x647/0x680 CPU: 5 PID: 1501 Comm: btrfs-balance Not tainted 5.16.0-rc8+ #8 RIP: 0010:lookup_inline_extent_backref+0x647/0x680 RSP: 0018:ffffae0a023ab960 EFLAGS: 00010202 RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000000000000000 RBP: ffff943fd2a39b60 R08: 0000000000000000 R09: 0000000000000001 R10: 0001434088152de0 R11: 0000000000000000 R12: 0000000001d05000 R13: ffff943fd2a39b60 R14: ffff943fdb96f2a0 R15: ffff9442fc923000 FS: 0000000000000000(0000) GS:ffff944e9eb40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f1157b1fca8 CR3: 000000010f092000 CR4: 0000000000350ee0 Call Trace: insert_inline_extent_backref+0x46/0xd0 __btrfs_inc_extent_ref.isra.0+0x5f/0x200 ? btrfs_merge_delayed_refs+0x164/0x190 __btrfs_run_delayed_refs+0x561/0xfa0 ? btrfs_search_slot+0x7b4/0xb30 ? btrfs_update_root+0x1a9/0x2c0 btrfs_run_delayed_refs+0x73/0x1f0 ? btrfs_update_root+0x1a9/0x2c0 btrfs_commit_transaction+0x50/0xa50 ? btrfs_update_reloc_root+0x122/0x220 prepare_to_merge+0x29f/0x320 relocate_block_group+0x2b8/0x550 btrfs_relocate_block_group+0x1a6/0x350 btrfs_relocate_chunk+0x27/0xe0 btrfs_balance+0x777/0xe60 balance_kthread+0x35/0x50 ? btrfs_balance+0xe60/0xe60 kthread+0x16b/0x190 ? set_kthread_struct+0x40/0x40 ret_from_fork+0x22/0x30 Normally snapshot deletion and relocation are excluded from running atthe same time by the fs_info->cleaner_mutex. However if we had apending balance waiting to get the ->cleaner_mutex, and a snapshotdeletion was running, and then the box crashed, we would come up in astate where we have a half deleted snapshot.Again, in the normal case the snapshot deletion needs to complete beforerelocation can start, but in this case relocation could very well startbefore the snapshot deletion completes, as we simply add the root to thedead roots list and wait for the next time the cleaner runs to clean upthe snapshot.Fix this by setting a bit on the fs_info if we have any DEAD_ROOT s thathad a pending drop_progress key. If they do then we know we were in themiddle of the drop operation and set a flag on the fs_info. Thenbalance can wait until this flag is cleared to start up again.If there are DEAD_ROOT s that don t have a drop_progress set then we resafe to start balance right away as we ll be properly protected by thecleaner_mutex.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2125"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2022-48901"
},
{
"cve":"CVE-2022-48902",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not WARN_ON() if we have PageError set\n\nWhenever we do any extent buffer operations we call\nassert_eb_page_uptodate() to complain loudly if we're operating on an\nnon-uptodate page. Our overnight tests caught this warning earlier this\nweek\n\n WARNING: CPU: 1 PID: 553508 at fs/btrfs/extent_io.c:6849 assert_eb_page_uptodate+0x3f/0x50\n CPU: 1 PID: 553508 Comm: kworker/u4:13 Tainted: G W 5.17.0-rc3+ #564\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 04/01/2014\n Workqueue: btrfs-cache btrfs_work_helper\n RIP: 0010:assert_eb_page_uptodate+0x3f/0x50\n RSP: 0018:ffffa961440a7c68 EFLAGS: 00010246\n RAX: 0017ffffc0002112 RBX: ffffe6e74453f9c0 RCX: 0000000000001000\n RDX: ffffe6e74467c887 RSI: ffffe6e74453f9c0 RDI: ffff8d4c5efc2fc0\n RBP: 0000000000000d56 R08: ffff8d4d4a224000 R09: 0000000000000000\n R10: 00015817fa9d1ef0 R11: 000000000000000c R12: 00000000000007b1\n R13: ffff8d4c5efc2fc0 R14: 0000000001500000 R15: 0000000001cb1000\n FS: 0000000000000000(0000) GS:ffff8d4dbbd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ff31d3448d8 CR3: 0000000118be8004 CR4: 0000000000370ee0\n Call Trace:\n\n extent_buffer_test_bit+0x3f/0x70\n free_space_test_bit+0xa6/0xc0\n load_free_space_tree+0x1f6/0x470\n caching_thread+0x454/0x630\n ? rcu_read_lock_sched_held+0x12/0x60\n ? rcu_read_lock_sched_held+0x12/0x60\n ? rcu_read_lock_sched_held+0x12/0x60\n ? lock_release+0x1f0/0x2d0\n btrfs_work_helper+0xf2/0x3e0\n ? lock_release+0x1f0/0x2d0\n ? finish_task_switch.isra.0+0xf9/0x3a0\n process_one_work+0x26d/0x580\n ? process_one_work+0x580/0x580\n worker_thread+0x55/0x3b0\n ? process_one_work+0x580/0x580\n kthread+0xf0/0x120\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x1f/0x30\n\nThis was partially fixed by c2e39305299f01 (\"btrfs: clear extent buffer\nuptodate when we fail to write it\"), however all that fix did was keep\nus from finding extent buffers after a failed writeout. It didn't keep\nus from continuing to use a buffer that we already had found.\n\nIn this case we're searching the commit root to cache the block group,\nso we can start committing the transaction and switch the commit root\nand then start writing. After the switch we can look up an extent\nbuffer that hasn't been written yet and start processing that block\ngroup. Then we fail to write that block out and clear Uptodate on the\npage, and then we start spewing these errors.\n\nNormally we're protected by the tree lock to a certain degree here. If\nwe read a block we have that block read locked, and we block the writer\nfrom locking the block before we submit it for the write. However this\nisn't necessarily fool proof because the read could happen before we do\nthe submit_bio and after we locked and unlocked the extent buffer.\n\nAlso in this particular case we have path->skip_locking set, so that\nwon't save us here. We'll simply get a block that was valid when we\nread it, but became invalid while we were using it.\n\nWhat we really want is to catch the case where we've \"read\" a block but\nit's not marked Uptodate. On read we ClearPageError(), so if we're\n!Uptodate and !Error we know we didn't do the right thing for reading\nthe page.\n\nFix this by checking !Uptodate && !Error, this way we will not complain\nif our buffer gets invalidated while we're using it, and we'll maintain\nthe spirit of the check which is to make sure we have a fully in-cache\nblock while we're messing with it.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2125"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2022-48902"
},
{
"cve":"CVE-2023-45896",
"notes":[
{
"text":"ntfs3 in the Linux kernel through 6.8.0 allows a physically proximate attacker to read kernel memory by mounting a filesystem (e.g., if a Linux distribution is configured to allow unprivileged mounts of removable media) and then leveraging local access to trigger an out-of-bounds read. A length value can be larger than the amount of memory allocated. NOTE: the supplier's perspective is that there is no vulnerability when an attack requires an attacker-modified filesystem image.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2125"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":4.6,
"vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2023-45896"
},
{
"cve":"CVE-2024-42102",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:Revert mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again Patch series mm: Avoid possible overflows in dirty throttling .Dirty throttling logic assumes dirty limits in page units fit into32-bits. This patch series makes sure this is true (see patch 2/2 formore details).This patch (of 2):This reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78.The commit is broken in several ways. Firstly, the removed (u64) castfrom the multiplication will introduce a multiplication overflow on 32-bitarchs if wb_thresh * bg_thresh >= 1<<32 (which is actually common - thedefault settings with 4GB of RAM will trigger this). Secondly, thediv64_u64() is unnecessarily expensive on 32-bit archs. We havediv64_ul() in case we want to be safe & cheap. Thirdly, if dirtythresholds are larger than 1<<32 pages, then dirty balancing is going toblow up in many other spectacular ways anyway so trying to fix onepossible overflow is just moot.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2125"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-42102"
},
{
"cve":"CVE-2024-42276",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: add missing condition check for existence of mapped data\n\nnvme_map_data() is called when request has physical segments, hence\nthe nvme_unmap_data() should have same condition to avoid dereference.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2125"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"LOW",
"baseScore":3.9,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
}
],
"threats":[
{
"details":"Low",
"category":"impact"
}
],
"title":"CVE-2024-42276"
},
{
"cve":"CVE-2024-42311",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()\n\nSyzbot reports uninitialized value access issue as below:\n\nloop0: detected capacity change from 0 to 64\n=====================================================\nBUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n d_revalidate fs/namei.c:862 [inline]\n lookup_fast+0x89e/0x8e0 fs/namei.c:1649\n walk_component fs/namei.c:2001 [inline]\n link_path_walk+0x817/0x1480 fs/namei.c:2332\n path_lookupat+0xd9/0x6f0 fs/namei.c:2485\n filename_lookup+0x22e/0x740 fs/namei.c:2515\n user_path_at_empty+0x8b/0x390 fs/namei.c:2924\n user_path_at include/linux/namei.h:57 [inline]\n do_mount fs/namespace.c:3689 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x66b/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x140 fs/namespace.c:3875\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nBUG: KMSAN: uninit-value in hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\nBUG: KMSAN: uninit-value in hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\n hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n block_read_full_folio+0x4ff/0x11b0 fs/buffer.c:2271\n hfs_read_folio+0x55/0x60 fs/hfs/inode.c:39\n filemap_read_folio+0x148/0x4f0 mm/filemap.c:2426\n do_read_cache_folio+0x7c8/0xd90 mm/filemap.c:3553\n do_read_cache_page mm/filemap.c:3595 [inline]\n read_cache_page+0xfb/0x2f0 mm/filemap.c:3604\n read_mapping_page include/linux/pagemap.h:755 [inline]\n hfs_btree_open+0x928/0x1ae0 fs/hfs/btree.c:78\n hfs_mdb_get+0x260c/0x3000 fs/hfs/mdb.c:204\n hfs_fill_super+0x1fb1/0x2790 fs/hfs/super.c:406\n mount_bdev+0x628/0x920 fs/super.c:1359\n hfs_mount+0xcd/0xe0 fs/hfs/super.c:456\n legacy_get_tree+0x167/0x2e0 fs/fs_context.c:610\n vfs_get_tree+0xdc/0x5d0 fs/super.c:1489\n do_new_mount+0x7a9/0x16f0 fs/namespace.c:3145\n path_mount+0xf98/0x26a0 fs/namespace.c:3475\n do_mount fs/namespace.c:3488 [inline]\n __do_sys_mount fs/namespace.c:3697 [inline]\n __se_sys_mount+0x919/0x9e0 fs/namespace.c:3674\n __ia32_sys_mount+0x15b/0x1b0 fs/namespace.c:3674\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\nUninit was created at:\n __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n alloc_slab_page mm/slub.c:2190 [inline]\n allocate_slab mm/slub.c:2354 [inline]\n new_slab+0x2d7/0x1400 mm/slub.c:2407\n ___slab_alloc+0x16b5/0x3970 mm/slub.c:3540\n __slab_alloc mm/slub.c:3625 [inline]\n __slab_alloc_node mm/slub.c:3678 [inline]\n slab_alloc_node mm/slub.c:3850 [inline]\n kmem_cache_alloc_lru+0x64d/0xb30 mm/slub.c:3879\n alloc_inode_sb include/linux/fs.h:3018 [inline]\n hfs_alloc_inode+0x5a/0xc0 fs/hfs/super.c:165\n alloc_inode+0x83/0x440 fs/inode.c:260\n new_inode_pseudo fs/inode.c:1005 [inline]\n new_inode+0x38/0x4f0 fs/inode.c:1031\n hfs_new_inode+0x61/0x1010 fs/hfs/inode.c:186\n hfs_mkdir+0x54/0x250 fs/hfs/dir.c:228\n vfs_mkdir+0x49a/0x700 fs/namei.c:4126\n do_mkdirat+0x529/0x810 fs/namei.c:4149\n __do_sys_mkdirat fs/namei.c:4164 [inline]\n __se_sys_mkdirat fs/namei.c:4162 [inline]\n __x64_sys_mkdirat+0xc8/0x120 fs/namei.c:4162\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nIt missed to initialize .tz_secondswest, .cached_start and .cached_blocks\nfields in struct hfs_inode_info after hfs_alloc_inode(), fix it.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2125"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-42311"
},
{
"cve":"CVE-2024-43849",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pdr: protect locator_addr with the main mutex\n\nIf the service locator server is restarted fast enough, the PDR can\nrewrite locator_addr fields concurrently. Protect them by placing\nmodification of those fields under the main pdr->lock.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2125"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-43849"
},
{
"cve":"CVE-2024-43856",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:dma: fix call order in dmam_free_coherentdmam_free_coherent() frees a DMA allocation, which makes thefreed vaddr available for reuse, then calls devres_destroy()to remove and free the data structure used to track the DMAallocation. Between the two calls, it is possible for aconcurrent task to make an allocation with the same vaddrand add it to the devres list.If this happens, there will be two entries in the devres listwith the same vaddr and devres_destroy() can free the wrongentry, triggering the WARN_ON() in dmam_match.Fix by destroying the devres entry before freeing the DMAallocation. kokonut //net/encryption http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2125"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-43856"
},
{
"cve":"CVE-2024-43899",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Fix null pointer deref in dcn20_resource.cFixes a hang thats triggered when MPV is run on a DCN401 dGPU:mpv --hwdec=vaapi --vo=gpu --hwdec-codecs=alland then enabling fullscreen playback (double click on the video)The following calltrace will be seen:[ 181.843989] BUG: kernel NULL pointer dereference, address: 0000000000000000[ 181.843997] #PF: supervisor instruction fetch in kernel mode[ 181.844003] #PF: error_code(0x0010) - not-present page[ 181.844009] PGD 0 P4D 0[ 181.844020] Oops: 0010 [#1] PREEMPT SMP NOPTI[ 181.844028] CPU: 6 PID: 1892 Comm: gnome-shell Tainted: G W OE 6.5.0-41-generic #41~22.04.2-Ubuntu[ 181.844038] Hardware name: System manufacturer System Product Name/CROSSHAIR VI HERO, BIOS 6302 10/23/2018[ 181.844044] RIP: 0010:0x0[ 181.844079] Code: Unable to access opcode bytes at 0xffffffffffffffd6.[ 181.844084] RSP: 0018:ffffb593c2b8f7b0 EFLAGS: 00010246[ 181.844093] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000004[ 181.844099] RDX: ffffb593c2b8f804 RSI: ffffb593c2b8f7e0 RDI: ffff9e3c8e758400[ 181.844105] RBP: ffffb593c2b8f7b8 R08: ffffb593c2b8f9c8 R09: ffffb593c2b8f96c[ 181.844110] R10: 0000000000000000 R11: 0000000000000000 R12: ffffb593c2b8f9c8[ 181.844115] R13: 0000000000000001 R14: ffff9e3c88000000 R15: 0000000000000005[ 181.844121] FS: 00007c6e323bb5c0(0000) GS:ffff9e3f85f80000(0000) knlGS:0000000000000000[ 181.844128] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033[ 181.844134] CR2: ffffffffffffffd6 CR3: 0000000140fbe000 CR4: 00000000003506e0[ 181.844141] Call Trace:[ 181.844146] [ 181.844153] ? show_regs+0x6d/0x80[ 181.844167] ? __die+0x24/0x80[ 181.844179] ? page_fault_oops+0x99/0x1b0[ 181.844192] ? do_user_addr_fault+0x31d/0x6b0[ 181.844204] ? exc_page_fault+0x83/0x1b0[ 181.844216] ? asm_exc_page_fault+0x27/0x30[ 181.844237] dcn20_get_dcc_compression_cap+0x23/0x30 [amdgpu][ 181.845115] amdgpu_dm_plane_validate_dcc.constprop.0+0xe5/0x180 [amdgpu][ 181.845985] amdgpu_dm_plane_fill_plane_buffer_attributes+0x300/0x580 [amdgpu][ 181.846848] fill_dc_plane_info_and_addr+0x258/0x350 [amdgpu][ 181.847734] fill_dc_plane_attributes+0x162/0x350 [amdgpu][ 181.848748] dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu][ 181.849791] ? dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu][ 181.850840] amdgpu_dm_atomic_check+0xdfe/0x1760 [amdgpu]",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2125"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-43899"
},
{
"cve":"CVE-2024-43907",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules\n\nCheck the pointer value to fix potential null pointer\ndereference",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2125"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-43907"
},
{
"cve":"CVE-2024-43914",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:md/raid5: avoid BUG_ON() while continue reshape after reassemblingCurrently, mdadm support --revert-reshape to abort the reshape whilereassembling, as the test 07revert-grow. However, following BUG_ON()can be triggerred by the test:kernel BUG at drivers/md/raid5.c:6278!invalid opcode: 0000 [#1] PREEMPT SMP PTIirq event stamp: 158985CPU: 6 PID: 891 Comm: md0_reshape Not tainted 6.9.0-03335-g7592a0b0049a #94RIP: 0010:reshape_request+0x3f1/0xe60Call Trace: raid5_sync_request+0x43d/0x550 md_do_sync+0xb7a/0x2110 md_thread+0x294/0x2b0 kthread+0x147/0x1c0 ret_from_fork+0x59/0x70 ret_from_fork_asm+0x1a/0x30 Root cause is that --revert-reshape update the raid_disks from 5 to 4,while reshape position is still set, and after reassembling the array,reshape position will be read from super block, then during reshape thechecking of writepos that is caculated by old reshape position willfail.Fix this panic the easy way first, by converting the BUG_ON() toWARN_ON(), and stop the reshape if checkings fail.Noted that mdadm must fix --revert-shape as well, and probably md/raidshould enhance metadata validation as well, however this meansreassemble will fail and there must be user tools to fix the wrongmetadata.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2125"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-43914"
},
{
"cve":"CVE-2024-44935",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:sctp: Fix null-ptr-deref in reuseport_add_sock().syzbot reported a null-ptr-deref while accessing sk2->sk_reuseport_cb inreuseport_add_sock(). [0]The repro first creates a listener with SO_REUSEPORT. Then, it createsanother listener on the same port and concurrently closes the firstlistener.The second listen() calls reuseport_add_sock() with the first listener assk2, where sk2->sk_reuseport_cb is not expected to be cleared concurrently,but the close() does clear it by reuseport_detach_sock().The problem is SCTP does not properly synchronise reuseport_alloc(),reuseport_add_sock(), and reuseport_detach_sock().The caller of reuseport_alloc() and reuseport_{add,detach}_sock() mustprovide synchronisation for sockets that are classified into the samereuseport group.Otherwise, such sockets form multiple identical reuseport groups, andall groups except one would be silently dead. 1. Two sockets call listen() concurrently 2. No socket in the same group found in sctp_ep_hashtable[] 3. Two sockets call reuseport_alloc() and form two reuseport groups 4. Only one group hit first in __sctp_rcv_lookup_endpoint() receives incoming packetsAlso, the reported null-ptr-deref could occur.TCP/UDP guarantees that would not happen by holding the hash bucket lock.Let s apply the locking strategy to __sctp_hash_endpoint() and__sctp_unhash_endpoint().[0]:Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTIKASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]CPU: 1 UID: 0 PID: 10230 Comm: syz-executor119 Not tainted 6.10.0-syzkaller-12585-g301927d2d2eb #0Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024RIP: 0010:reuseport_add_sock+0x27e/0x5e0 net/core/sock_reuseport.c:350Code: 00 0f b7 5d 00 bf 01 00 00 00 89 de e8 1b a4 ff f7 83 fb 01 0f 85 a3 01 00 00 e8 6d a0 ff f7 49 8d 7e 12 48 89 f8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 4b 02 00 00 41 0f b7 5e 12 49 8d 7e 14RSP: 0018:ffffc9000b947c98 EFLAGS: 00010202RAX: 0000000000000002 RBX: ffff8880252ddf98 RCX: ffff888079478000RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000012RBP: 0000000000000001 R08: ffffffff8993e18d R09: 1ffffffff1fef385R10: dffffc0000000000 R11: fffffbfff1fef386 R12: ffff8880252ddac0R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000FS: 00007f24e45b96c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033CR2: 00007ffcced5f7b8 CR3: 00000000241be000 CR4: 00000000003506f0DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400Call Trace: __sctp_hash_endpoint net/sctp/input.c:762 [inline] sctp_hash_endpoint+0x52a/0x600 net/sctp/input.c:790 sctp_listen_start net/sctp/socket.c:8570 [inline] sctp_inet_listen+0x767/0xa20 net/sctp/socket.c:8625 __sys_listen_socket net/socket.c:1883 [inline] __sys_listen+0x1b7/0x230 net/socket.c:1894 __do_sys_listen net/socket.c:1902 [inline] __se_sys_listen net/socket.c:1900 [inline] __x64_sys_listen+0x5a/0x70 net/socket.c:1900 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7fRIP: 0033:0x7f24e46039b9Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48RSP: 002b:00007f24e45b9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000032RAX: ffffffffffffffda RBX: 00007f24e468e428 RCX: 00007f24e46039b9RDX: 00007f24e46039b9 RSI: 0000000000000003 RDI: 0000000000000004RBP: 00007f24e468e420 R08: 00007f24e45b96c0 R09: 00007f24e45b96c0R10: 00007f24e45b96c0 R11: 0000000000000246 R12: 00007f24e468e42cR13:---truncated---",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2125"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-44935"
},
{
"cve":"CVE-2024-44947",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: Initialize beyond-EOF page contents before setting uptodate\n\nfuse_notify_store(), unlike fuse_do_readpage(), does not enable page\nzeroing (because it can be used to change partial page contents).\n\nSo fuse_notify_store() must be more careful to fully initialize page\ncontents (including parts of the page that are beyond end-of-file)\nbefore marking the page uptodate.\n\nThe current code can leave beyond-EOF page contents uninitialized, which\nmakes these uninitialized page contents visible to userspace via mmap().\n\nThis is an information leak, but only affects systems which do not\nenable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the\ncorresponding kernel command line parameter).",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2125"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-44947"
},
{
"cve":"CVE-2024-44971",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()\n\nbcm_sf2_mdio_register() calls of_phy_find_device() and then\nphy_device_remove() in a loop to remove existing PHY devices.\nof_phy_find_device() eventually calls bus_find_device(), which calls\nget_device() on the returned struct device * to increment the refcount.\nThe current implementation does not decrement the refcount, which causes\nmemory leak.\n\nThis commit adds the missing phy_device_free() call to decrement the\nrefcount via put_device() to balance the refcount.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2125"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-44971"
},
{
"cve":"CVE-2024-44974",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2125"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"HIGH",
"baseScore":7.8,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version":"3.1"
},
"products":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-228.0.0.127.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-228.0.0.127.oe2203sp4.src"
]
}
],
"threats":[
{
"details":"High",
"category":"impact"
}
],
"title":"CVE-2024-44974"
}
]
}